ConfigLookup: Default to STARTTLS for LDAP from SRV records
I set up a new Collection account. I enter nothing as the email address. Under the advanced options (Server) I enter aegee.org. Evolution correctly finds in DNS SRV _ldap._tcp.aegee.org → ldap://ldap.aegee.org:389. However, it does not guess correctly whether STARTTLS shall be used (it sets Encryption: NONE).
The existence of the DNS TLSA record _389._tcp.ldap.aegee.org is a signal, in DNSSEC/DANE terms, that the server enforces a certificate for the communication. The fingerprint match is not so relevant here, since Evolution does not utilize DNSSEC.
The same applies to the other protocols - pop3, imap, submission - as long as no autoconfig file is used.
• When DANE logic signals certificate enforcement, Evolution shall call STARTTLS.
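The lookup requested above, written out as an added example (not code from this report or from Evolution): resolve the SRV record, derive the TLSA owner name `_<port>._tcp.<target>` from its target and port, and default to STARTTLS when a TLSA record exists there. The zone contents, the placeholder digest and all function names are constructed for illustration.

```python
# Constructed sample zone: (owner name, record type) -> list of RDATA strings.
SAMPLE_ZONE = {
    ("_ldap._tcp.aegee.org", "SRV"): ["0 0 389 ldap.aegee.org."],
    ("_389._tcp.ldap.aegee.org", "TLSA"): ["3 1 1 <constructed-placeholder-digest>"],
    ("_imap._tcp.example.test", "SRV"): ["10 0 143 mail.example.test."],
    ("_pop3._tcp.example.test", "SRV"): ["0 0 0 ."],  # "." = service not offered
}


def sample_lookup(name, rtype):
    """Stand-in for a resolver call; returns RDATA strings or an empty list."""
    return SAMPLE_ZONE.get((name.lower(), rtype), [])


def parse_srv(rdata):
    """Split SRV RDATA 'priority weight port target' into typed fields."""
    priority, weight, port, target = rdata.split()
    return int(priority), int(weight), int(port), target.rstrip(".").lower()


def tlsa_owner(host, port, proto="tcp"):
    """TLSA records live at _<port>._<proto>.<host>."""
    return f"_{port}._{proto}.{host}"


def guess_encryption(service, domain, lookup=sample_lookup):
    """Return (host, port, encryption) for a service, or None if not offered.

    Simplification: picks the lowest-priority SRV record and ignores weights.
    Without DNSSEC validation the TLSA answer is only a hint used to pick the
    default; it is not proof of what the server enforces.
    """
    srv = [parse_srv(r) for r in lookup(f"_{service}._tcp.{domain}", "SRV")]
    if not srv:
        return None
    _, _, port, host = min(srv, key=lambda rec: rec[0])
    if not host:  # target "." means the service is explicitly unavailable
        return None
    has_tlsa = bool(lookup(tlsa_owner(host, port), "TLSA"))
    return host, port, "STARTTLS" if has_tlsa else "NONE"


if __name__ == "__main__":
    for svc, dom in [("ldap", "aegee.org"), ("imap", "example.test")]:
        print(svc, dom, guess_encryption(svc, dom))
```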