Gmail SSL connection

B

Borrels

Senior Member
Joined
Jan 9, 2009
Messages
752
Reaction score
75
Location
Centurion
Hey security & Gmail experts,

Is it possible to turn off the Gmail requirement to have a SSL connection to the mail server when connecting via Outlook? I see there is an option in the GMail settings for 'browser connection', but is this only relevant for webmail access or also when using an email client?

How big is the risk of doing the above if the account is always accessed from a home connection i.e. no wi-fi packet sniffers? It is not like all ISP's require SSL to connect to their mail servers.
 
This is setup server side to force the HTTPS and not HTTP. If this was through a browser you can just back space the S but I don't really know through Outlook. I work for VeriSign inc.
 
Why would you want to turn it off, Outlook supports it, it is after all secure?
 
warwickw said:
Why would you want to turn it off, Outlook supports it, it is after all secure?
Click to expand...

True. I tested it with Outlook, as that is my email client, but I would like to know as not all emailing programs necessarily support SSL.
 
DBoy_25 said:
This is setup server side to force the HTTPS and not HTTP. If this was through a browser you can just back space the S but I don't really know through Outlook. I work for VeriSign inc.
Click to expand...

When using Gmail through a browser, I noticed that the login screen has HTTPS but it switched back to HTTP as soon as you're logged in and you're starting to browse your inbox. Does that mean your login credentials are secure but not the contents of your mails?
 
DBoy_25 said:
This is setup server side to force the HTTPS and not HTTP. If this was through a browser you can just back space the S but I don't really know through Outlook. I work for VeriSign inc.
Click to expand...

What exactly do you do there? That statement makes me think you make the coffee :whistle:

Borrels said:
When using Gmail through a browser, I noticed that the login screen has HTTPS but it switched back to HTTP as soon as you're logged in and you're starting to browse your inbox. Does that mean your login credentials are secure but not the contents of your mails?
Click to expand...

The full connection is secure.When you contact the server, a handshake process occurs in which a public key is verified (using digital certficates that are signed by a Certificate Authority like Verisign) and used to decrypt the contents of messages containing keys, cipher details, etc. This information is then used for the actual data transfer.

When you put your login details in, the connection has already been secured. In fact, the connection should be secured when any part of the page loads (in a good browser, that is).
 
dequadin said:
Not entirely true. Google will always use a secure connection for your account login page, but not necessary for your your GMail - you have to specify. So your username/password is secure, but I can read your email with wireshark :whistle: Which is what Borrels is talking about.

Apparently they decided not to secure GMail by default because of performance concerns.
Click to expand...

I can't get GMail webmail to not use SSL :-/
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X