What is StartTLS? How it works, uses, and security risks

Contents

The StartTLS command (also known as “Opportunistic TLS”) extends the Transport Layer Security (TLS) protocol to encrypt the communication of information using the TLS protocol.

How does StartTLS work?

As a protocol extension for TLS, StartTLS offers the major advantage that encryption does not impede communication with clients that do not support the method. Thus, there are far fewer compatibility issues with StartTLS. However, if a server refuses TLS, a mail program (client) must know how to proceed with the data. Another advantage is the mutual negotiation of encryption, which makes automated processes unnecessary without the admin’s or user’s intervention in case of a communication failure.

In the StartTLS process, a connection always starts unencrypted, specifically on the port designated for plaintext. Only after executing the StartTLS command does the protocol negotiate encryption with the client, without establishing a new connection. Thanks to StartTLS, if there’s a communication error, no port change is required, and the client can simply rely on the StartTLS procedure provided by the email server.

StartTLS ensures encryption of the communication between two email servers if both sides support StartTLS.

Example of encrypting an email

An email is to be encrypted using the TLS method. The StartTLS protocol is selected to seamlessly integrate the encryption method into normal operation. You usually find the corresponding option in the account configuration or account settings of your email client. After sending the email, communication begins:

The client sends an EHLO request to inquire about the encryption methods.
The mail server responds with “250-STARTTLS,” indicating that it accepts StartTLS.
The client sends “STARTTLS” to initiate encryption.
The server responds with the status code “220 OK”.

Create a Business Email

Discover a new way to email

Write perfect emails with optional AI features
Communicate professionalism and credibility
Includes domain, forwarding, and security features

Areas of application for StartTLS

StartTLS is primarily used as a protocol extension in communication via email for the protocols SMTP, IMAP, and POP. HTTP has its own procedure (specified in RFC 2817) that is very similar to StartTLS. Today, however, the use of HTTPS (RFC 2818) is more common. Besides the mentioned email protocols, StartTLS can at least initiate the encryption process in the following protocols:

LDAP (RFC 4511)
FTP (RFC 4217)
XMPP (RFC 6120)
NNTP (RFC 4642)

With internet providers, StartTLS is by far the most popular email encryption method because it allows many different domains and certificates on one server. However, the method is controversial because some private details like the IP address are initially unencrypted and Man-in-the-Middle attacks are possible, as StartTLS can be overwritten unnoticed by the provider.

Advantages and disadvantages of StartTLS

Disadvantages become apparent in the StartTLS procedure in terms of security software. Firewalls must analyze the procedure at the application layer to distinguish encrypted from unencrypted data. The same applies to proxies, which prefer to work with port differentiation – however, with StartTLS, the ports are not switched. This makes the corresponding caching difficult or not executed at all.

When it comes to data protection, StartTLS is not without concerns. Most email programs use the option “TLS if available,” which means users are unaware if the connection to the mail server is encrypted or not. Additionally, the risk of a man-in-the-middle attack increases as the network operator can simply filter out the StartTLS extension, getting the chance to log the data exchange. If the StartTLS command is not executed, the data is communicated unencrypted – and users generally do not notice this.

Therefore, it’s recommended to first conduct a careful test to ensure that the server is indeed capable of StartTLS. Only then should the procedure be used by default. If encrypted communication fails, an external problem must exist.

How can I test StartTLS?

TLS protocols use different ports depending on the provider. However, because StartTLS can be easily embedded in the connection, making port switching unnecessary, the encryption method can be tested with a suitable console. This shows which port the respective provider uses for StartTLS. The following command can be used (e.g., in Netcat) to check if a mail server accepts StartTLS as an encryption method during normal operation:

$ nc smtp.ionos.com 587
220 mail.example.com (mreue011) Nemesis ESMTP Service ready
ehlo test.local
250-mail.example.com Hello test.local [80.187.86.70]
250-8BITMIME
250-SIZE 141557760
250 STARTTLS
STARTTLS
220 OK

bash

The command “STARTTLS” should appear here to enable encryption. You can also see that private data, such as the IP address, is transmitted unencrypted.

For OpenSSL, the command looks as follows:

$ openssl s_client -starttls smtp -connect smtp.ionos.com:587
CONNECTED(00000005)
[…]
SSL handshake has read 4650 bytes and written 1659 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 3072 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 STARTTLS

bash

For SMTP, authentication is not as straightforward. The “AUTH PLAIN” method usually provides a solution, where credentials must be encoded in Base64. A code can be generated with the Perl command $ perl -MMIME::Base64 -e 'print encode_base64("\000user-ju\000secret"), which is then given to the SMTP server (AUTH PLAIN [Code]). If the server responds with Authentication succeeded (with code), the StartTLS test was successful. Subsequently, further mail commands can be executed.

Tip

If you want to test StartTLS on servers or protocols that are not compatible with OpenSSL, the tool gnutls-cli (from the package gnutls-bin) can help.

Was this article helpful?

agsandrewshutterstock

HPKP: What is behind the public-key pinning extension for HTTP

SSL/TLS certificates play an increasingly important role in the transmission of sensitive data. They guarantee that data packets reach the desired addressee without any detours. Problems only arise when internet users are deliberately redirected by invalid certificates from…

Security

Sending encrypted emails over SSL or TLS

Are your emails encrypted when you send and receive them? If not, there’s no time like the present! Encrypting your email is the only way to ensure it arrives safely at its destination. Otherwise sensitive data such as passwords, bank details or addresses, could be available for…

SSL
Security

iunewindShutterstock

ERR_SSL_PROTOCOL_ERROR: how to fix the Chrome bug

Chrome is the world’s most widely-used internet browser. The application scores points not only when it comes to security and speed, but also with its features such as cross-device synchronization of user data. But errors can occur even when surfing with Google’s wonder weapon.…

SSL
Google
Encryption

sdecoretShutterstock

What is TLS (Transport Layer Security)? The protocol explained

Internet security measures have become indispensable these days. Encryption is essential to ensure that unauthorized third parties do not gain access to data or are able to manipulate it. That’s what TLS or Transport Layer Security is for. Here’s what you need to know about this…

Encyclopedia

TLS vs. SSL: what is the difference?

SSL and TLS are two encryption protocols that are frequently used in email programs and browsers. Have you ever wondered which one you should choose when you are prompted to pick one when configuring an email client, for example? Here, you will learn what the differences between…