The StartTLS command (also known as STARTSSL, StartSSL or “Opportunistic TLS”) extends an existing plaintext protocol so that the data transmitted can be encrypted with the Transport Layer Security (TLS) protocol. StartTLS is mainly used as a protocol extension for e-mail communication based on the SMTP, IMAP and POP protocols. HTTP has its own, very similar upgrade method (specified in RFC 2817), although HTTPS (RFC 2818) is now far more common. In addition to the e-mail protocols mentioned, StartTLS can initiate encryption for the following protocols:
- LDAP (RFC 4511)
- FTP (RFC 4217)
- XMPP (RFC 6120)
- NNTP (RFC 4642)
StartTLS has become the most popular e-mail encryption method among internet providers, as it allows many different domains and certificates to be served from one server. The method is not undisputed: because the connection starts out unencrypted, private details such as the IP address are initially sent in unencrypted form. This also makes man-in-the-middle attacks possible, since an attacker who can alter the unencrypted exchange can overwrite or remove the StartTLS offer so that the connection never gets encrypted, without the provider noticing.
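As an added example that is not part of the original text, the SMTP form of this exchange (RFC 3207) simulated in Python with constructed server replies: the client parses the server's EHLO reply and, unlike an opportunistic client, refuses to continue if the STARTTLS offer is missing, which is the client-side check that defeats the stripping described above. Host names, the SIZE value and the "Ready to start TLS" reply are constructed for the example.

```python
import re

# Constructed EHLO replies: one from a server that advertises STARTTLS and one
# in which the "250-STARTTLS" line has been removed on the unencrypted path.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)

def parse_ehlo(response):
    """Return (status code, set of capability keywords) from an EHLO reply.
    The first line carries the server name, not a capability, so it is skipped."""
    caps, code = set(), None
    for i, line in enumerate(response.splitlines()):
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m:
            raise ValueError("malformed EHLO reply line: %r" % line)
        code = m.group(1)
        if i > 0:
            caps.add(m.group(3).split(" ", 1)[0].upper())
        if m.group(2) == " ":  # a space after the code terminates the reply
            break
    return code, caps

def upgrade_decision(ehlo_response, require_tls):
    """'STARTTLS' if the upgrade can be sent; otherwise 'PLAINTEXT' for an
    opportunistic client or 'ABORT' for a client that refuses to downgrade."""
    code, caps = parse_ehlo(ehlo_response)
    if code != "250":
        return "ABORT"
    if "STARTTLS" in caps:
        return "STARTTLS"
    return "ABORT" if require_tls else "PLAINTEXT"

def run_exchange(ehlo_response, require_tls):
    """Simulate both sides of the SMTP opening up to the upgrade decision."""
    log = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO client.example.test")]
    log += [("S", line) for line in ehlo_response.splitlines()]
    decision = upgrade_decision(ehlo_response, require_tls)
    if decision == "STARTTLS":
        log += [("C", "STARTTLS"), ("S", "220 2.0.0 Ready to start TLS"),
                ("C", "<TLS handshake, then EHLO again on the encrypted channel>")]
    elif decision == "PLAINTEXT":
        log.append(("C", "MAIL FROM:<sender@client.example.test>  (still unencrypted)"))
    else:
        log.append(("C", "QUIT"))  # fail closed rather than send in the clear
    return log
```

With `require_tls=True` the stripped reply ends in `QUIT`; with `require_tls=False` the same reply silently continues unencrypted, which is exactly the opportunistic behaviour the attack relies on.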