You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Matthieu Baechler (Jira)" <se...@james.apache.org> on 2020/06/15 07:01:00 UTC

[jira] [Commented] (JAMES-3215) Remove SSL support in James

    [ https://issues.apache.org/jira/browse/JAMES-3215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17135505#comment-17135505 ] 

Matthieu Baechler commented on JAMES-3215:
------------------------------------------

I don't like the idea of having to setup another component to handle what should be mandatory for any service in 2020: having encryption over TCP session.

I may be wrong but I suspect all others mail servers handle TLS by themselves. (and having encryption termination is not enough because you need to support STARTTLS)

Also, I don't agree with this claim.

>  It causes the inclusion of various libraries, and Java suuuuuucks for SSL support.

We depend on Java integrated support for encryption that is far from sucking AFAIK and bouncycastle that is also quite good. Not really a lot of dependencies

I would rather open a ticket about support certificates without keystores and/or implement letsencrypt protocol

> Remove SSL support in James
> ---------------------------
>
>                 Key: JAMES-3215
>                 URL: https://issues.apache.org/jira/browse/JAMES-3215
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: David Leangen
>            Priority: Major
>
> SSL support is not working [1], and it complicates the installation process. It causes the inclusion of various libraries, and Java suuuuuucks for SSL support.
> It would make James a lot simpler to remove SSL support and make SSL termination somebody else's problem. These days it should be easy to use a proxy (like nginx) or an ingress (for example in Kubernetes) to perform SSL termination.
> It would be one less thing to maintain in James, one less thing that can go wrong, one less step to take just to get a James server working, and a step closer to providing good user support.
> {quote}[1] I define "working" by meaning that as a user, I follow the instructions but it still does not work as intended.
> {quote}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org