The Init SSL/TLS option is available for TCP Listeners only.
Set the Init SSL/TLS listener socket option to On to tell the Listener component to initiate SSL/TLS negotiations as soon as a connection from a remote site is accepted. Only after a secure connection is established does the Listener allow the communication module to initiate its own protocol (IMAP, HTTP, etc.) on top of the secure SSL/TLS protocol.
Note: Please read the Security section and configure your Domain TLS certificates before you set this option to On.
Note: When a Listener accepts a connection on a Secure Socket, it tries to detect the CommuniGate Pro Domain the client has connected to. At this time no information has yet been transferred from the client to the server, so the local server IP address the client has connected to is the only data CommuniGate Pro can use to detect the target Domain. If you want a Domain to have its own Security Certificate and to use it for Secure Socket connections, that Domain must have an IP address assigned to it.
When the Domain is selected, the Listener retrieves the Domain Certificate and initiates a secure (SSL/TLS) session. If the selected Domain does not have a Certificate, the connection is dropped and an error message is placed into the CommuniGate Pro Log.
Note: The current versions of the Internet protocols support the STARTTLS/STLS or equivalent commands. These commands are used to provide secure communications without creating a special Secure Socket on an additional port. Instead, a regular port is used and a regular, non-secure connection is established; the client then sends the STARTTLS or an equivalent command, and the client and server initiate the SSL/TLS session. If the software you use employs the STARTTLS command (as most SMTP software packages do these days), then you do not need to create any special Secure Socket for secure (SSL/TLS) communications.
Set the Init SSL/TLS listener socket option to Ext to tell the Listener component that all connections coming to this socket are SSL/TLS secured, but that an external device implements all SSL/TLS encryption/decryption operations. Connections coming to these ports are clear-text connections, but higher-level CommuniGate Pro components and protocols process these connections as if they arrived encrypted: clear-text Login operations are considered secure, STARTTLS operations are prohibited, etc.
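
An added example, not part of the CommuniGate Pro documentation: a Python check that classifies the bytes a client sent on one connection (taken from a packet capture, for instance) as implicit TLS, a STARTTLS/STLS upgrade, or clear text, and compares the result with what the socket's Init SSL/TLS setting allows. The setting name Off for a regular socket, the function names and the sample byte streams are assumptions constructed for illustration.

```python
# Added example; the sample byte streams are constructed, not captured traffic.
TLS_HANDSHAKE, CLIENT_HELLO = 0x16, 0x01
UPGRADE_COMMANDS = (b"STARTTLS", b"STLS")  # commands named in the text above

# Traffic each Init SSL/TLS setting allows on the socket, per the text above.
# "Off" is an assumed name for a regular (non-secure) socket.
EXPECTED = {
    "On": {"implicit-tls"},           # TLS starts as soon as the connection is accepted
    "Off": {"starttls", "cleartext"}, # regular port, optionally upgraded by the client
    "Ext": {"cleartext"},             # external device decrypts; STARTTLS is prohibited
}

def is_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS record that carries a ClientHello."""
    return (len(data) >= 6 and data[0] == TLS_HANDSHAKE
            and data[1] == 0x03 and data[5] == CLIENT_HELLO)

def classify_client_stream(stream: bytes) -> str:
    """Classify the bytes a client sent, in order, on one connection."""
    if is_client_hello(stream):
        return "implicit-tls"
    rest = stream
    while rest:
        line, sep, rest = rest.partition(b"\r\n")
        if not sep:
            break
        words = line.upper().split()
        # IMAP prefixes commands with a tag ("a1 STARTTLS"); SMTP and POP do not.
        if words and words[-1] in UPGRADE_COMMANDS:
            return "starttls" if is_client_hello(rest) else "starttls-no-handshake"
    return "cleartext"

def check(setting: str, stream: bytes) -> tuple[str, bool]:
    """Return (observed kind, whether the setting allows it)."""
    kind = classify_client_stream(stream)
    return kind, kind in EXPECTED[setting]

# Constructed TLS record: header (type, version, length 47) + ClientHello type + padding.
HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + b"\x00" * 46
SAMPLES = [
    ("On", HELLO),
    ("On", b"EHLO client.example\r\n"),
    ("Off", b"EHLO client.example\r\nSTARTTLS\r\n" + HELLO),
    ("Ext", b"a1 STARTTLS\r\n" + HELLO),
]

if __name__ == "__main__":
    for setting, stream in SAMPLES:
        print(setting, *check(setting, stream))
```

A result of False for an On socket means the client never started the SSL/TLS session the Listener expects; for an Ext socket it means the client attempted an upgrade that the setting prohibits.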