Matt Galloway


iPhone Mail SSL / TLS is ridiculous

I found out today after a large amount of digging at work that the iPhone is even more stupid than I originally thought. We first had issues with the fact that for listing folders it doesn’t support subscriptions, so the folder list shows our hundreds of shared folders. A good IMAP client (even Mac :-O) will use LSUB instead of LIST to show only those folders which you are subscribed to. We marginally solved this issue by using a Perl IMAP filtering proxy to filter the LIST responses from the server and remove a large portion of the folder tree. This worked OK, but it doesn’t have any support for SSL.

So I set about hacking the Perl to change the listening socket into an SSL socket… What I discovered shocked me. Usual IMAP clients have a security setting allowing you to choose none, SSL or TLS. The iPhone only has one, which is labelled as “SSL”. So one would assume this means that you only have the option for SSL, right? No.

What it actually means is this:

if (ssl == on) {
    if (port == 993) {
        // SSL from the first byte of the connection
        <ssl session>
    } else {
        // any other port: TLS session instead
        <tls session>
    }
}

So, if you want to do IMAP/SSL then you HAVE to be connecting to port 993! How ridiculous is that! We needed to have our proxy running on a separate port.
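
The port rule above, turned into a check for a planned proxy listener. This is an added example, not code from the original post or the proxy: port 1993, the greeting strings and all function names are constructed for illustration, and it assumes the "TLS session" is a STARTTLS upgrade on a plaintext connection.

```python
import re

IMPLICIT_SSL_PORT = 993  # the one port on which the post saw an immediate SSL session

def iphone_mode(ssl_on, port):
    """Session type the post describes for the iPhone's single "SSL" switch."""
    if not ssl_on:
        return "plain"
    return "implicit-ssl" if port == IMPLICIT_SSL_PORT else "starttls"

def capabilities(line):
    """Capability atoms from an IMAP greeting or untagged CAPABILITY response."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line)
         or re.match(r"\* CAPABILITY (.*)", line))
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def check_listener(port, tls_on_connect, greeting, ssl_on=True):
    """Return (mode, problems) for a proxy listener as the iPhone would use it."""
    mode = iphone_mode(ssl_on, port)
    caps = capabilities(greeting)
    problems = []
    if mode == "implicit-ssl" and not tls_on_connect:
        problems.append("client sends a TLS handshake, listener is plaintext")
    if mode == "starttls":
        if tls_on_connect:
            problems.append("client starts in plaintext, listener expects TLS")
        else:
            if "STARTTLS" not in caps:
                problems.append("STARTTLS not advertised, no upgrade possible")
            if "LOGINDISABLED" not in caps:
                problems.append("LOGIN allowed before the TLS upgrade")
    return mode, problems

# Constructed sample greetings (not captured from a real server).
GREETING_STARTTLS = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] proxy ready"
GREETING_NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"

if __name__ == "__main__":
    # 1993 is a hypothetical "separate port" for the filtering proxy.
    for args in [(993, True, GREETING_STARTTLS),
                 (1993, True, GREETING_STARTTLS),
                 (1993, False, GREETING_STARTTLS),
                 (1993, False, GREETING_NO_TLS)]:
        print(args[:2], check_listener(*args))
```

The second case is the one from the post: an SSL listening socket on a port other than 993 fails because the client opens the connection in plaintext.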