STARTTLS
STARTTLS is a mechanism used by several text-based application protocols to upgrade an existing plain, unencrypted connection to a TLS-protected one. It allows encryption while preserving a single network port, improving compatibility with older clients and servers that do not start in TLS by default. The most common use is in email: after establishing a plain connection to a mail server, a client can issue a STARTTLS command to initiate a TLS handshake. Once the TLS layer is established, subsequent commands, including user authentication, are carried out over the encrypted channel. STARTTLS is also employed by other protocols such as IMAP, POP3, LDAP, and XMPP to provide encryption on their standard ports.
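The upgrade sequence described above, for SMTP, as an added Python example that is not part of the original article. The function names and the EHLO name `client.example` are assumptions made for illustration; the client stops if STARTTLS is not offered or is refused, so no authentication is ever sent on the plain connection.

```python
import socket
import ssl


def read_reply(stream):
    """Read one (possibly multi-line) SMTP reply: returns (code, [line texts])."""
    texts = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":  # "250-..." continues the reply, "250 ..." ends it
            return int(line[:3]), texts


def offers_starttls(ehlo_texts):
    """True if the EHLO keyword list (after the greeting line) includes STARTTLS."""
    return any(t.split()[0].upper() == "STARTTLS" for t in ehlo_texts[1:] if t.strip())


def expect(stream, wanted, what):
    """Read a reply and fail closed unless it carries the wanted code."""
    code, texts = read_reply(stream)
    if code != wanted:
        raise RuntimeError(f"{what}: expected {wanted}, got {code}")
    return texts


def upgrade_to_tls(host, port, helo_name="client.example"):  # helo_name: placeholder
    """Upgrade a plaintext SMTP session in place; EHLO is repeated inside TLS."""
    context = ssl.create_default_context()  # verifies certificate chain and hostname
    sock = socket.create_connection((host, port), timeout=10)
    try:
        plain = sock.makefile("rb")
        expect(plain, 220, "greeting")
        sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
        if not offers_starttls(expect(plain, 250, "EHLO")):
            raise RuntimeError("STARTTLS not offered; refusing to continue in plaintext")
        sock.sendall(b"STARTTLS\r\n")
        expect(plain, 220, "STARTTLS")  # 220 means: begin the TLS handshake now
        tls = context.wrap_socket(sock, server_hostname=host)  # same TCP connection
    except Exception:
        sock.close()
        raise
    tls.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
    expect(tls.makefile("rb"), 250, "EHLO over TLS")
    return tls  # authentication and mail commands go over this socket only
```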
Implementation and scope: The STARTTLS extension was defined for SMTP in a standards document, and similar
Security considerations: STARTTLS protects data in transit on a given connection but does not inherently provide