STARTTLS in L4SSL VS

Overview

SMTP (Simple Mail Transfer Protocol) is the communication protocol used for electronic mail transmission. STARTTLS is an SMTP extension that upgrades an already established plain-text connection to an encrypted (TLS or SSL) connection, instead of using a separate port for encrypted communication.

STARTTLS Process Flow

The following is the STARTTLS process flow:

[Figure: client-to-server STARTTLS process flow]

  1. The STARTTLS process starts after the TCP handshake completes.

  2. The server replies with 220 Ready to indicate that the email client can proceed with the SMTP conversation.

  3. The client sends EHLO to inform the server that it will use Extended SMTP.

  4. The server answers with a 250 response that lists STARTTLS among its supported extensions, which tells the client that STARTTLS is available.

  5. The client sends the STARTTLS command to request the upgrade to an encrypted connection.

  6. The server replies 220 Go ahead to the client if SSL/TLS can be started.

  7. The client starts the SSL/TLS handshake with the server.

  8. Once the SSL/TLS handshake is done, the rest of the SMTP session, including the email messages, is encrypted.

DataScript Event in L4SSL

New Datascript Event

Event name: VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT

Fires after the TCP handshake with the client is complete, before any application data is exchanged.

New Datascript API

API                     Event                                 Arguments     Functionality
avi.ssl.disable_ssl()   VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT   None          Disables SSL after the TCP handshake
avi.ssl.enable_ssl()    VS_DATASCRIPT_EVT_L4_REQUEST          None          Enables SSL during the traffic flow
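The following DataScript is an added example, not code from the Avi Vantage documentation. It uses only the two APIs and events listed above, together with avi.l4.read() and avi.vs.log(), which are assumed here to be available in L4 DataScript events and to behave as the comments state. Each event section is attached to its own event on the virtual service; the 220 reply and the TLS negotiation themselves are performed by Avi Vantage as described in the traffic flow.

```lua
-- Added example DataScript for a STARTTLS-capable L4 SSL virtual service.
-- Assumptions (not taken from this page): avi.l4.read() returns the buffered
-- client data as a string, and avi.vs.log() writes a line to the VS log.

-- ==== Event: VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT ====
-- The client has just completed the TCP handshake. Start in plain text so the
-- SMTP greeting (220 Ready) and the EHLO exchange can take place unencrypted.
avi.ssl.disable_ssl()
avi.vs.log("STARTTLS: TCP accept, SSL disabled for the plain-text SMTP phase")

-- ==== Event: VS_DATASCRIPT_EVT_L4_REQUEST ====
-- Runs when client data arrives. Enable SSL only when the client actually
-- issues the STARTTLS command; all other plain-text SMTP traffic (EHLO, NOOP,
-- and so on) is proxied unchanged.
local payload = avi.l4.read()
if payload ~= nil then
  -- SMTP commands are case-insensitive and CRLF-terminated, so take the first
  -- word on the line and compare it in upper case.
  local cmd = string.upper(string.match(payload, "^%s*(%a+)") or "")
  if cmd == "STARTTLS" then
    avi.vs.log("STARTTLS: client requested TLS upgrade, enabling SSL")
    avi.ssl.enable_ssl()
  end
end
```

Matching the exact STARTTLS command, rather than any payload that merely contains the word, keeps the upgrade tied to the client's explicit request, and the log lines make it easy to spot sessions that never upgrade and keep sending mail in the clear.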

Traffic Flow

The traffic flow is as shown below:

[Figure: traffic flow between the client, Avi Vantage, and the backend server]

The following is the traffic flow process:

  1. Avi Vantage creates a connection to the backend server after completing the TCP handshake with the client.

  2. Avi Vantage proxies messages between the client and the server.

  3. The client can send EHLO to the server at any time to announce that it uses Extended SMTP (right after the TCP handshake or after some data has been sent).

  4. After receiving EHLO, the server advertises its supported services.

  5. If the server's advertisement does not include STARTTLS, the system adds 250 STARTTLS as one of the advertised services.

  6. The client can then send the STARTTLS command to request TLS.

  7. Avi Vantage replies to the client with 220 and then starts the TLS negotiation.

  8. After the SSL/TLS negotiation, the client sends encrypted mail to Avi Vantage.

Additional Reference