SSL and TLS are used to secure and encrypt the connection between the mail client and the mail server. Securing here means protecting the communication between the website and the browser, where the user actually interacts with the application to access server resources.
By default, without SSL and TLS, the communication happens in plain text, which attackers can read if the data is captured and compromised. So securing communication is very important in today’s world. By using SSL and TLS you can encrypt the communication into an unreadable format.
As we discussed, data theft is very risky for an organization. SSL and TLS can help protect against data theft, and spamming as well, because they allow users to securely transmit and receive confidential information by email.
How do SSL & TLS encrypt and decrypt?
SSL and TLS use a certificate to establish the connection in a secure manner, and the certificate uses a key pair (private and public key) to establish the secure connection. For example, when a mail client and server communicate with each other, they go through a process called the “SSL Handshake”. During this handshake, the keys are shared between the client and the server, and once the session is established they use a standard key for encrypting and decrypting the original payload.
Note: The same algorithm and key type are used for data encryption and data decryption. If anything is mismatched, the communication will not happen.
During the handshake process, three keys are used to establish the SSL connection: the private key, the public key, and the session key. The private and public keys are used to establish the SSL connection; once the session is established, the session key is generated and is then used for encrypting and decrypting the original data.
To configure SSL and TLS, both the mail server and the mail client must be configured with the proper port number, and a certificate must be installed on the server and the client as well.
POP, IMAP, and SMTP traffic are transmitted over predefined ports. IMAP uses port 143, POP uses port 110, and SMTP uses port 25. IMAP over SSL/TLS uses port 993, POP over SSL/TLS uses port 995, and SMTP over SSL/TLS uses port 465.
SSL verifies message integrity (to determine whether a message has been altered) using Message Authentication Codes (MACs) that use either MD5 or SHA. TLS, on the other hand, uses HMAC, allowing it to work with a wider variety of hash functions – not just MD5 and SHA.
TLS is the successor to SSL. It was introduced in 1999 as an upgrade to SSL 3.0, so TLS 1.0 is most similar to SSL 3.0 & is sometimes referred to as SSL 3.1, though TLS is not compatible with SSL 3.0. The version numbers for SSL are 1.0, 2.0, and 3.0, while TLS uses a different numbering pattern – 1.0, 1.1, 1.2.
Because TLS is incompatible with SSL 3.0, the client and server must agree on which protocol to use. This is accomplished via what’s known as a “handshake.” If TLS cannot be used, the connection may fall back to SSL 3.0.
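
The version numbering and fallback described above, as an added example that is not code from the original article: it reads the version a ClientHello offers and shows that a server with SSL 3.0 disabled refuses the fallback instead of accepting it. The function names and the sample ClientHello bytes are constructed for illustration, and the selection rule assumed is the one used up to TLS 1.2 (the server picks the highest version it has enabled that is not above the client's offer).

```python
# Wire versions are (major, minor). TLS kept SSL's major number 3,
# which is why TLS 1.0, sent as (3, 1), is sometimes called "SSL 3.1".
NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def build_client_hello(version):
    """Constructed sample: a minimal ClientHello record offering `version`."""
    body = bytes(version) + bytes(32)      # client_version + 32-byte random (zeros)
    body += b"\x00"                        # empty session id
    body += b"\x00\x02\x00\x2f"            # one cipher suite (placeholder value)
    body += b"\x01\x00"                    # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: type 22 (handshake), record-layer version, length.
    # The record-layer version is not the offer; the offer is in the body.
    return bytes([22, 3, 0]) + len(handshake).to_bytes(2, "big") + handshake


def client_max_version(record):
    """Return the (major, minor) a ClientHello offers as its highest version."""
    if len(record) < 11:
        raise ValueError("too short for a ClientHello")
    if record[0] != 22 or record[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    return (record[9], record[10])         # client_version follows the 4-byte handshake header


def negotiate(record, server_versions):
    """Name the version the server would select, or None if the handshake must fail."""
    client_max = client_max_version(record)
    common = [v for v in server_versions if v <= client_max]
    return NAMES[max(common)] if common else None


LEGACY_SERVER = [(3, 0), (3, 1), (3, 2), (3, 3)]   # SSL 3.0 still enabled
NO_SSL3_SERVER = [(3, 1), (3, 2), (3, 3)]          # SSL 3.0 disabled

if __name__ == "__main__":
    for offer in [(3, 3), (3, 0)]:
        hello = build_client_hello(offer)
        print(NAMES[offer], "offered ->",
              "legacy server:", negotiate(hello, LEGACY_SERVER),
              "| SSL 3.0 disabled:", negotiate(hello, NO_SSL3_SERVER))
```
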