starttls

Mailclients offer both settings, the STARTTLS and SSL/TLS. What is the difference between STARTTLS and SSL/TLS? The question is quite vague, but I guess I understand it. STARTTLS means "explicit TLS" where the connection is established on regular port and then STARTTLS command is sent to initiate SSL handshake and switch to protection mode. Another option probably defines implicit SSL/TLS on a dedicated port. In implicit mode first the handshake takes place and then the application-level protocol runs over the established secure channel. The clearest explanation that I've read is from FastMail

I want my app to talk to the server without encryption before issuing a STARTTLS and then upgrade the socket to be encrypted after that. Can I connect to a port (E.g., 5222) and use STARTTLS to request TLS using java? If so, which Socket object should I use for that? Sure you can. Use your SSLSocketFactory to create a socket wrapping an existing regular java.net.Socket: SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket( socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true); @Jan's answer was helpful (and I voted for it), but I had to tweak it a bit to get it

To prevent man-in-the-middle attacks (a server pretending to be someone else), I would like to verify that the SMTP server I connect too over SSL has a valid SSL certificate which proves it is who I think it is. For example, after connecting to an SMTP server on port 25, I can switch to a secure connection like so: <?php $smtp = fsockopen( "tcp://mail.example.com", 25, $errno, $errstr ); fread( $smtp, 512 ); fwrite($smtp,"HELO mail.example.me\r\n"); // .me is client, .com is server fread($smtp, 512); fwrite($smtp,"STARTTLS\r\n"); fread($smtp, 512); stream_socket_enable_crypto( $smtp, true,