Hi everyone
On all of the internet-facing services in our organisation, we're now using TLS/STARTTLS on the standard service TCP/IP ports, rather than dedicated SSL ports.
So for IMAP/SMTP/e-mail submission/FTP our servers accept STARTTLS commands to upgrade the connection to TLS security rather than plaintext.
We're a small outfit so I have complete control/recommendation over the client software so I can make sure it's all compatible. TLS is mandatory for IMAP and FTP connections to our servers.
However the one exception to this is our intranet which runs on Apache (and our webmail interface, which is also Apache).
I've been under the impression that TLS is the present/future version of SSL and removes the requirement of needing to have a dedicated port on the server for SSL encrypted connections because TLS can operate over the normal port without causing any interference/side-effects.
In theory I guess this could also negate the need for sites on shared servers to use a separate IP when they need to have an SSL certificate installed... e.g. on cPanel/WHM servers.
But I've not found much documentation on using TLS on port 80 instead of the standard port for HTTPS 443.
Obviously to do this you would need to ensure that all HTTP clients that visit your server support the TLS mechanism.
I've found RFC 2817... http://www.faqs.org/rfcs/rfc2817.html
But does anyone know how widely this is supported?
Or how widely this is used in practice?
I've never seen much discussion of this topic really. It seems using STARTTLS is commonplace amongst FTP and e-mail connections but not so much when it comes to HTTP.
Cheers, B
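The exchange RFC 2817 defines for upgrading plain HTTP to TLS on the same port, as an added example that is not part of the original post: it builds the client's upgrade request and classifies the server's reply. The host name and the sample responses are constructed for illustration.

```python
# Added example: RFC 2817 "Upgrade: TLS/1.0" request and reply classification.

def build_upgrade_request(host, path="/"):
    """HTTP/1.1 request asking the server to switch to TLS on the same port."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Upgrade: TLS/1.0\r\n"
        "Connection: Upgrade\r\n"
        "\r\n"
    ).encode("ascii")

def parse_head(raw):
    """Return (status_code, headers) from a response head; names lowercased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key, value = name.strip().lower(), value.strip()
            # Repeated headers are folded into one comma-separated value.
            headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return int(parts[1]), headers

def tokens(value):
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def classify(raw):
    status, headers = parse_head(raw)
    offers_tls = any(t.startswith("tls/") for t in tokens(headers.get("upgrade", "")))
    conn_upgrade = "upgrade" in tokens(headers.get("connection", ""))
    if status == 101 and offers_tls and conn_upgrade:
        return "switching"  # TLS handshake follows on this same connection
    if status == 426 and offers_tls:
        return "required"   # server refuses cleartext until the client upgrades
    return "ignored"        # request was handled (or refused) without TLS

SAMPLES = {  # constructed responses, not captured from a real server
    "accepts": b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n",
    "mandatory": b"HTTP/1.1 426 Upgrade Required\r\nUpgrade: TLS/1.0, HTTP/1.1\r\nConnection: Upgrade\r\n\r\n",
    "ignores": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

A reply classified as "ignored" means the page was served in cleartext, which is why a client that needs TLS has to treat anything other than a 101 as a failure rather than carrying on.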
HTTP servers and TLS/STARTTLS support