Opportunistic TLS

STARTTLS, masked the STARTTLS command, STLS, STRIPTLS
Opportunistic TLS (Transport Layer Security) refers to extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication.
47 Related Articles

Transport Layer Security

SSL, TLS, SSL/TLS
Another mechanism is for the client to make a protocol-specific request to the server to switch the connection to TLS; for example, by making a STARTTLS request when using the mail and news protocols.

Post Office Protocol

POP3, POP, APOP
Encrypted communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on well-known TCP port number 995.

Opportunistic encryption

auto-detection, opportunistically sign
Opportunistic TLS is an opportunistic encryption mechanism.
STARTTLS implementations often used with SMTP are vulnerable to STRIPTLS attacks when subject to active wiretapping.

SMTPS

Many email servers are configured either not to deliver email securely at all, or to first try secure delivery with the STARTTLS mechanism and, if that fails (for example because the remote service does not offer it, or because a successful MITM attack has stripped the announcement of the feature), simply fall back to delivery by insecure means.

Network News Transfer Protocol

NNTP, news, NNTPS
At the same time, the IETF also released which specifies the use of Transport Layer Security (TLS) via NNTP over STARTTLS.

Cricket Wireless

Cricket, Cricket Communications, Cricket Wireless (GSM)
In October 2014, Cricket Wireless, a subsidiary of AT&T, was revealed to be doing this to their customers.
Upon further investigation by the privacy firm in June 2014, Golden Frog determined that Cricket masked the STARTTLS command in email server responses, thereby "putting its customers at serious risk by inhibiting their ability to protect online communications."

Forward secrecy

perfect forward secrecy, forward secure, forward security mechanisms
Facebook reported that after enabling STARTTLS and encouraging other providers to do the same, until Facebook discontinued its email service in February 2014, 95% of outbound email was encrypted with both Perfect Forward Secrecy and strict certificate validation.
Facebook reported as part of an investigation into email encryption that, as of May 2014, 74% of hosts that support STARTTLS also provide forward secrecy.

Passive monitoring

passive
It is primarily intended as a countermeasure to passive monitoring.

Simple Mail Transfer Protocol

SMTP, 8BITMIME, email protocol
The STARTTLS command for IMAP and POP3 is defined in RFC 2595, for SMTP in RFC 3207, for XMPP in RFC 6120 and for NNTP in RFC 4642.

XMPP

Extensible Messaging and Presence Protocol, Jabber, Jabber/XMPP
The STARTTLS command for IMAP and POP3 is defined in RFC 2595, for SMTP in RFC 3207, for XMPP in RFC 6120 and for NNTP in RFC 4642.

Internet Relay Chat

IRC, IRC client, IRC channel
For IRC, the IRCv3 Working Group has defined the STARTTLS extension.

File Transfer Protocol

FTP, FTP server, FTP client
FTP uses the command "AUTH TLS" defined in RFC 4217, and LDAP defines a protocol extension OID in RFC 2830.

Object identifier

OID, OIDs, object identifier (OID)
FTP uses the command "AUTH TLS" defined in RFC 4217, and LDAP defines a protocol extension OID in RFC 2830.

HTTP/1.1 Upgrade header

Upgrade header, HTTP Upgrade header, HTTP/1.1 Upgrade (101 Switching Protocols)
HTTP uses the Upgrade header.

Round-trip delay time

round-trip time, round trip time, RTT
Separate SSL ports have the advantage of fewer round trips; they also transmit less metadata in unencrypted form.

Lightweight Directory Access Protocol

LDAP, Distinguished Name, attribute in LDAP
FTP uses the command "AUTH TLS" defined in RFC 4217, and LDAP defines a protocol extension OID in RFC 2830.

Man-in-the-middle attack

man-in-the-middle, man in the middle attack, man in the middle
Because the initial handshake takes place in plain text, an attacker in control of the network can modify the server messages via a man-in-the-middle attack to make it appear that TLS is unavailable (called a STRIPTLS attack).

Thailand

Thai, Siam, THA
In September 2014, two ISPs in Thailand were found to be doing this to their own customers.

AT&T

AT&T Inc., Southwestern Bell Corporation, AT&T Latin America
In October 2014, Cricket Wireless, a subsidiary of AT&T, was revealed to be doing this to their customers.

Aio Wireless

This behavior was started as early as September 2013 by Aio Wireless, which later merged with Cricket, where the practice continued.

Exim

Exim mail server, exim4
STRIPTLS attacks can be blocked by configuring SMTP clients to require TLS for outgoing connections (for example, the Exim message transfer agent can require TLS via the directive "hosts_require_tls").

Message transfer agent

mail transfer agent, mail server, MTA
STRIPTLS attacks can be blocked by configuring SMTP clients to require TLS for outgoing connections (for example, the Exim message transfer agent can require TLS via the directive "hosts_require_tls").

Mass surveillance

surveillance state, surveillance society, surveillance
An example of a STRIPTLS attack of the type used in Thai mass surveillance technology: