How do SMTP clients determine whether to use Explicit or Implicit SSL?

JButler · Apr 29, 2009

Most mail clients that support SSL/TLS only require the user to say whether or not SSL should be enabled. The user doesn't have to know anything about Explicit & Implicit SSL and the differences between them.

So, how does the mail client determine which type of SSL to use? Is it based on default port numbers? Does it just try one and then the other?

Answer

erickson · Apr 29, 2009

A mail client must know if implicit SSL is in use when it connects, as it is responsible for initiating the SSL handshake with a ClientHello message. How it determines this is up to the client. Port numbers are a great hint, but there could also be a check box in some UI that forces it even when the standard (unprotected) port number is used.

There are IANA registered port numbers for secure mail, but some ISPs may use other ports.

  • IMAP/SSL: 993
  • POP3/SSL: 995

SMTP/SSL is often offered on port 465, but this is not registered, and is less common since explicit SSL is widely supported by SMTP agents.

Support for explicit SSL can be advertised by a server using a protocol-specific negotiation. For example, when a client connects to an SMTP server, and issues the EHLO command, the server will list its capabilities, which might include support for the STARTTLS command.
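The decision described in the answer above, as an added example that is not part of the original answer: implicit SSL is chosen from the port or a user override before any bytes are read, and explicit SSL is chosen from the STARTTLS line in the EHLO reply. The function names, the `require_tls` policy, and the sample EHLO reply are assumptions made for illustration.

```python
# Added example. Ports are those named in the answer; the rest is assumed.
IMPLICIT_TLS_PORTS = {465: "smtp", 993: "imap", 995: "pop3"}

# Constructed sample EHLO reply (hostnames and values are made up).
SAMPLE_EHLO = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    for i, line in enumerate(reply.splitlines()):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i > 0:  # line 0 is the server's greeting, not a capability
            words = line[4:].split()
            if words:
                caps[words[0].upper()] = words[1:]
        if line[3] == " ":  # "250 " (space) marks the final line
            break
    return caps


def choose_tls_mode(port, ehlo_reply=None, force_implicit=False, require_tls=True):
    """Return 'implicit', 'starttls' or 'plaintext' for a connection."""
    if force_implicit or port in IMPLICIT_TLS_PORTS:
        # Implicit: the client sends ClientHello right after TCP connect,
        # so this must be decided before any protocol bytes are read.
        return "implicit"
    if ehlo_reply is not None and "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"  # explicit: upgrade the plaintext session
    if require_tls:
        # Fail closed: an absent STARTTLS line may mean it was stripped in transit.
        raise ConnectionError("STARTTLS not advertised; refusing plaintext")
    return "plaintext"


if __name__ == "__main__":
    print(choose_tls_mode(465))               # implicit
    print(choose_tls_mode(25, SAMPLE_EHLO))   # starttls
```

With `require_tls=True` the client refuses to continue when STARTTLS is missing from the reply instead of silently sending mail and credentials in the clear.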