MacFixIt Answers

CNET staff

MacFixIt Answers is a feature from MacFixIt where our editors answer questions e-mailed to us by our readers. Beyond the many inquiries we have had regarding the recent OS X system update, this week we have an inquiry about the use of SSL in e-mail.

MacFixIt reader "David Floyd" asks:

"I have had the same problem on and off for weeks if not months. Mail
will show in the activity window but not be downloaded from the
server. As soon as I disabled SSL they came right through. Cox
support was predictably clueless. Any idea why this is happening?
What is the function of SSL?"

We recently wrote about the issue in this MacFixIt article. For some reason, upgrades or changes in server configuration may have altered how the SSL connection between the Cox servers and Mail functions.

SSL stands for "Secure Sockets Layer" and is a protocol used to encrypt data transmitted between a server and a client. It can be used for many connection types, including e-mail, Web browsing, instant messaging, and media streaming such as VoIP and video chatting. SSL has grown steadily more robust and has developed into TLS, or "Transport Layer Security," which refines the original SSL implementation; however, SSL is still widely implemented.

In basic terms, the e-mail client requests a secure connection from the server and presents a list of the cipher algorithms it supports for encrypting the data. The server has its own list of supported algorithms and chooses the most robust one that both it and the client support. The server then identifies itself with a digital certificate that is signed by a certificate authority (VeriSign, Digi-Sign, GeoTrust, and so on) so the client can verify that the server is legitimate.

After verification, the client receives the server's public encryption key for use with the cipher algorithm and generates a private session key. The client encrypts that session key with the server's public key, so it can be read only by the server after it is decrypted with the server's private key (which is not available to the public). The session key is then used to encrypt and decrypt material with the cipher algorithm until the connection is closed and the session key is discarded.

The key to SSL security is that the server's private key is unknown to anyone else (even the client), and therefore if a message is intercepted by a third party it cannot be decrypted without the private keys. Problems with SSL can happen in any of the checking routines, and for some reason the Cox servers are not communicating with the Mail client properly in one of these steps. In many cases a faulty SSL connection will result in an error notification, but not always. You can check your system logs to see if any error messages appear there when SSL fails. Beyond setting the proper TCP port number and checking an SSL box, however, there is very little that a client can do to ensure SSL is set up and working properly.
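To see which of these steps a given mail server gets through, the handshake can be tried outside the mail client. The following Python sketch is an added example, not part of the original article; the function name `probe_mail_tls`, the stage labels, and the default port 993 (the usual IMAP-over-SSL port) are assumptions chosen for illustration.

```python
import socket
import ssl


def probe_mail_tls(host, port=993, timeout=5.0):
    """Try one TLS connection to a mail server and report the stage reached.

    host and port come from the caller; 993 is the usual IMAP-over-SSL port
    (995 for POP3). The stage names are labels made up for this example.
    """
    ctx = ssl.create_default_context()   # checks the CA signature and host name
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:               # refused, unreachable, DNS failure, timeout
        return {"ok": False, "stage": "connect", "detail": str(exc)}
    try:
        # wrap_socket() performs the handshake described above: cipher list
        # offered, server picks a suite, certificate checked, keys agreed.
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            cipher, _, bits = tls.cipher()
            cert = tls.getpeercert()
            return {
                "ok": True, "stage": "established",
                "protocol": tls.version(),        # negotiated SSL/TLS version
                "cipher": cipher, "bits": bits,   # suite the server selected
                "issuer": cert.get("issuer"),     # certificate authority that signed
                "expires": cert.get("notAfter"),
            }
    except ssl.SSLCertVerificationError as exc:   # untrusted CA, expired, wrong name
        return {"ok": False, "stage": "certificate", "detail": exc.verify_message}
    except ssl.SSLError as exc:          # no shared cipher or version, or not TLS
        return {"ok": False, "stage": "handshake", "detail": exc.reason or str(exc)}
    except OSError as exc:               # stalled or reset during the handshake
        return {"ok": False, "stage": "io", "detail": str(exc)}


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <mail-host> [port]
    port_arg = int(sys.argv[2]) if len(sys.argv) > 2 else 993
    print(probe_mail_tls(sys.argv[1], port_arg))
```

A result of `certificate` or `handshake` points at the server's certificate or its supported protocols and ciphers, while `connect` or `io` points at the network path or port setting rather than SSL itself.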

If you have a question for MacFixIt Answers, please send it in: http://www.macfixit.com/contact
