I have confused for many time about these three terms, STARTTLS vs SSL vs TLS.
Therefore, I did some research and summarize them in short.
- STARTTLS is a way to use an existing insecure connection and upgrade it to be secured through TLS or SSL.
- SSL/TLS is a way to form secure connection natively.
- TLS is the successor to SSL. Their history is SSLv2 -> SSLv3 -> TLSv1.0 -> TLSv1.1 -> TLSv1.2
- SMTP SSL/TLS encrypted over port 465
- SMTP with STARTTLS upgrading over port 587 (ISP can block port 25 to prevent most of the spammer in ISP network)