Ivar Lumi wrote:
Hi,
After reading RFC 3207, i found probably non documented item.
For example:
C: STARTTLS
S: 220 Go ahead
C: <starts TLS negotiation>
C & S: <negotiate a TLS session>
C & S: <check result of negotiation>
Now if negotiation fails, whats then ?
Send error ? close connection ?
Whats the proper action ?
Philip's response is correct.
I just want to add one more thing: if the server can detect TLS failure
before issuing "220 Go ahead" (e.g. a server TLS certificate is not
configured), it should do so and return failure at this stage.
Even better if the server pre-create TLS context upfront and don't
advertise STARTTLS if there is no chance of it succeeding.