starttls

The starttls directive enables the STARTTLS command for mail protocols to initiate a secure connection via TLS.

Syntax:    starttls on | off | only;
Default:   starttls off;
Context:   mail, server (inside mail)
Arguments: 1

Description

The 'starttls' directive belongs to the NGINX Mail Core module and raises the security of mail connections by enabling the STARTTLS command. When it is set in a mail server block, the mail proxy lets a client upgrade an existing plaintext connection to a TLS-protected one. This protects the session, including credentials sent at login, against eavesdropping and tampering in transit.

With the directive enabled, the server advertises and accepts the STARTTLS command (STLS in POP3) from clients, signalling that the session can switch to an encrypted channel; with 'only', the server additionally refuses to proceed until that switch has happened. To work, the directive must be accompanied by the mail SSL configuration directives, in particular 'ssl_certificate' and 'ssl_certificate_key', which name the certificate and private key used for the TLS handshake. Without them, clients that issue STARTTLS will get errors when they try to establish the TLS session.

The directive is typically used in a mail server context so that the configuration supports secure connections initiated by email clients. Its effectiveness depends entirely on the underlying TLS setup in NGINX: a correct SSL configuration is required for it to function as intended.

Config Example

mail {
    server {
        listen 143;                 # plaintext IMAP port; STARTTLS upgrades in-band
                                    # (993 is implicit-TLS IMAPS and would use 'ssl on' instead)
        protocol imap;
        starttls on;                # the directive takes an argument: on | off | only
        ssl_certificate     /path/to/mail.crt;   # placeholder path
        ssl_certificate_key /path/to/mail.key;   # placeholder path
    }
}

Ensure that the SSL certificate and key are correctly configured for TLS to work.

The 'starttls' directive only helps when clients actually issue the STARTTLS command; a client that ignores the advertised capability keeps talking in plaintext unless the server is set to 'only'.

Avoid combining 'starttls' with conflicting security settings in the same server block, such as enabling implicit TLS ('ssl on') on the same listening port, which already wraps the whole session in TLS and leaves nothing to upgrade.
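A quick way to confirm that a listener configured as above really offers and completes the upgrade is to connect in plaintext, read the CAPABILITY response, issue STARTTLS and read the capabilities again. The script below is an added example written for this page, not part of NGINX or its documentation; the capability lines it tests offline are constructed samples, and the host name in the main block is a placeholder to replace with your own server.

```python
"""Verify that an IMAP listener advertises and completes STARTTLS (added example)."""
import imaplib
import ssl
import sys

# Constructed sample CAPABILITY lines, not captured from a real server.
SAMPLE_PLAINTEXT_CAPS = b"IMAP4 IMAP4rev1 UIDPLUS IDLE STARTTLS LOGINDISABLED"
SAMPLE_NO_STARTTLS_CAPS = b"IMAP4 IMAP4rev1 UIDPLUS IDLE AUTH=PLAIN"


def classify_capabilities(capability_line: bytes) -> dict:
    """Interpret one IMAP CAPABILITY response line.

    'STARTTLS' means the listener offers an in-band TLS upgrade;
    'LOGINDISABLED' (RFC 2595) means it refuses plaintext LOGIN, which is
    what a listener that insists on TLS should show before the upgrade.
    """
    tokens = {t.upper() for t in capability_line.split()}
    return {
        "starttls_advertised": b"STARTTLS" in tokens,
        "plaintext_login_refused": b"LOGINDISABLED" in tokens,
    }


def check_imap_starttls(host: str, port: int = 143, timeout: float = 5.0) -> dict:
    """Connect in plaintext, read CAPABILITY, upgrade with STARTTLS, re-read.

    Returns a dict describing what was observed. A bad certificate makes
    ssl raise, so a misconfigured listener fails loudly instead of passing.
    """
    ctx = ssl.create_default_context()  # verifies the server certificate chain and name
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        _, data = conn.capability()
        before = classify_capabilities(data[0])
        result = {"before_upgrade": before, "upgraded": False}
        if not before["starttls_advertised"]:
            return result                     # nothing to upgrade: starttls is off or missing
        conn.starttls(ssl_context=ctx)        # sends STARTTLS and wraps the socket in TLS
        result["upgraded"] = True
        result["tls_version"] = conn.sock.version()
        _, data = conn.capability()           # capabilities must be re-read after the upgrade
        result["after_upgrade"] = classify_capabilities(data[0])
        return result
    finally:
        try:
            conn.logout()
        except (imaplib.IMAP4.error, OSError):
            pass


if __name__ == "__main__":
    # Placeholder host; pass your own mail server as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    print(check_imap_starttls(target))
```

Run it against port 143 of the server block shown above: a healthy result reports STARTTLS advertised before the upgrade, 'upgraded' set to True with the negotiated TLS version, and, once upgraded, no LOGINDISABLED. If the listener reports 'upgraded' False or the handshake raises, check the 'starttls' argument and the 'ssl_certificate' pair first.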
