!!! Overview[1]
[{$pagename}] (OE) refers to an [Encryption] concept that, when connecting to another system, attempts to [encrypt] the [communications] channel, otherwise falling back to unencrypted communications. 

[{$pagename}] requires no pre-arrangement between the two systems.


[{$pagename}] can be used to combat passive wiretapping. (An active wiretapper, on the other hand, can disrupt [encryption] negotiation to either force an unencrypted channel or perform a [Man-In-The-Middle] attack on the encrypted link.) It does not provide a strong level of security as [authentication] may be difficult to establish and secure communications are not mandatory. Yet, it does make the [encryption] of most Internet traffic easy to implement, which removes a significant impediment to the mass adoption of [Internet] traffic security.

[{$pagename}] on the Internet is described in a few documents:
* [RFC 7435]  - [Opportunistic Security]: Some Protection Most of the Time
* [RFC 8164] - [Opportunistic Security] for [HTTP2]

!! Implementations
[Mozilla] started to roll out [{$pagename}] in [Firefox] version 37 in [2015] wand was quickly rolled back (in update 37.0.1) due to a serious [vulnerability] that could bypass SSL [Certificate Validation].

[Opportunistic TLS]  is used with in IMAP, [POP3] and [ACAP] ([RFC 2595]) and [SMTP] ([RFC 3207]) using [StartTLS] extensions implementation where it is not necessary to obtain a [certificate] from a [Certificate Authority], as a [Self-signed Certificate] can be used. These may be subject to [Strip]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Opportunistic_encryption|Wikipedia:Opportunistic_encryption|target='_blank'] - based on information obtained 2018-02-22-