StartTLS
The StartTLS command (also known as STARTSSL, StartSSL or “Opportunistic TLS”) extends the Transport Layer Security (TLS) protocol in order to encrypt the information transmitted using the TLS protocol. StartTLS is mainly used as a protocol extension for communication by e-mail, based on the protocols SMTP, IMAP and POP. HTTP has its own method (specified in RFC 2817), which is very similar to StartTLS. However, the use of HTTPS (RFC 2818) is now more common. As well as the e-mail protocols mentioned, StartTLS can initiate the encryption process with the following methods:
- LDAP (RFC 4511)
- FTP (RFC 4217)
- XMPP (RFC 6120)
- NNTP (RFC 4642)
StartTLS has become the most popular e-mail encryption method among internet providers, as it facilitates the use of many different domains and certificates on one server. The method is not undisputed, as private details such as the IP address are initially sent in unencrypted form. This means man-in-the-middle attacks are possible by overwriting the StartTLS unnoticed by the provider.
SSL certificates from IONOS
Protect your domain and gain visitors' trust with an SSL-encrypted website!
How does StartTLS work?
As an additional command for SSL/TLS, StartTLS offers the major advantage that communication is not restricted with clients that do not support encryption. StartTLS generates far fewer compatibility problems. However, mail programs (clients) must have a procedure on what to do with the data when a server refuses TLS. A further advantage are mutual negotiations regarding encryption, so that automated processes take over in the event of a communication failure. The administrator or user doesn't need to intervene.
The StartTLS method always starts a connection in unencrypted mode on a port configured for plain text. Only after the StartTLS command has been fully executed, the protocol negotiates the encryption with the client. It doesn't need to establish a new connection. Thanks to StartTLS, the port doesn't need to be contacted in the event of a communication error. The client can simply use the StartTLS protocol provided by the mail server.
Disadvantages of the StartTLS protocol become evident with regard to security software. Firewalls must analyze the process at user level to sort encrypted data from unencrypted data. The same applies to proxies that differentiate ports, as the ports are not changed with StartTLS. This makes it harder to carry out the appropriate caching. Sometimes it isn't performed at all.
StartTLS raises some concerns about data protection. Most e-mail programs use the “TLS where possible” option, so that the user does not notice whether or not the connection to the mail server is encrypted. This also increases the risk of a man-in-the-middle attack, as the network operator can simply filter out the StartTLS extension and therefore has the option of logging the data exchange. If the StartTLS command is not executed, data communication is unencrypted - and the user will normally not notice that.
Check our guidebook on man-in-the-middle attacks to see how this spying method works.
It is therefore recommended to perform a careful test in advance to see whether the server is actually StartTLS-capable. You shouldn't start using the protocol regularly until this has been done. If encrypted communication subsequently fails, it will be due to an external problem.
Example: E-mail
A user wants to encrypt an e-mail using TLS. They select the StartTLS protocol in the account configuration settings or the e-mail client account settings to integrate the encryption method flawlessly into normal operations. After sending the e-mail, communication starts:
- The client asks the mail server whether the encryption method is accepted by transmitting “250-STARTTLS”.
- If the feedback is positive (“go ahead”), an encrypted connection is established.
- The client restarts the connection. The e-mail communication is now encrypted.
How can I test StartTLS?
The TLS protocol may use different ports, depending on the provider. StartTLS can easily be integrated into the connection, so that no port switching is required and the encryption method can be easily tested from a suitable terminal. This makes it obvious which port the provider uses for StartTLS. The following command can be used to test whether a mail server accepts StartTLS as an encryption method during normal operations (e.g. in NetCat):
$ nc smtp.test.server smtp
220 Mailserver ESMTP Exim 4.69 Wed, 18 Jul 2018 12:19:15 +0200
ehlo test
250-Mailserver Hello oneandone [10.1.2.73]
250-SIZE 78643200
250-PIPELINING
250-STARTTLS
220-go ahead
250 HELP
Quit
221 Mailserver closing connectionThe “STARTTLS” command is used here to activate encryption. You can also see that private data, such as the IP address, is transmitted in unencrypted form during this process.
The command for OpenSSL looks like this:
$ openssl s_client -host mail.test.server-port 25 -starttls smtp
CONNECTED(00000003)
[...]
250 HELP
ehlo test
250-Mailserver Hello oneandone [10.1.2.73]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELPHowever, authentication in SMTP is not so easy. In most cases, the “AUTH PLAIN” method can help. To use it, the access data has to be encoded in Base64. The Perl command $ perl -MMIME::Base64 -e 'print encode_base64("\000user-ju\000secret")' is used to generate a code that is subsequently forwarded to the SMTP server (“AUTH PLAIN [Code]”). The test for StartTLS was successful when the server answers with “Authentication succeeded” (including code). Further mail commands can follow.
Testing of the StartTLS on servers or in protocols that are not compatible with OpenSSL can be facilitated by the gnuts-cli tool (from the gnuts-bin).
Related articles
HPKP: What is behind the public-key pinning extension for HTTP
SSL/TLS certificates play an increasingly important role in the transmission of sensitive data. They guarantee that data packets reach the desired addressee without any detours. Problems only arise when internet users are deliberately redirected by invalid certificates from dubious certification bodies – a scenario that can be prevented using so-called HTTP public key pinning (HPKP).
What is email encryption and how does is work
Are the emails that you send and receive encrypted? If not, it’s about time you started. Only by encrypting the transmission and content of emails can you ensure that your data is secure while being sent. Otherwise, unauthorized persons can read your email traffic easily and possibly gain access to sensitive data such as passwords and bank information. We’ll show you the best protection…
iunewindShutterstock ERR_SSL_PROTOCOL_ERROR: how to fix the Chrome bug
Chrome is the world’s most widely-used internet browser. The application scores points not only when it comes to security and speed, but also with its features such as cross-device synchronization of user data. But errors can occur even when surfing with Google’s wonder weapon. These can lead to the browser crashing or prevent certain pages from being accessed. The error message…
sdecoretShutterstock What is TLS (Transport Layer Security)?
Internet security measures have become indispensable these days. Encryption is essential to ensure that unauthorized third parties do not gain access to data or are able to manipulate it. That’s what TLS or Transport Layer Security is for. Here’s what you need to know about this integral element of the modern Internet.
TLS vs. SSL: what is the difference?
SSL and TLS are two encryption protocols that are frequently used in email programs and browsers. Have you ever wondered which one you should choose when you are prompted to pick one when configuring an email client, for example? Here, you will learn what the differences between SSL and TLS are and why only one of them is still viable today.