The different possibilities of securing a connection with the server are currently obscure.
Basically, there are three types of connection: TLS, SSL and plain, in that order of security. Currently, one can choose between either "tls_and_plain" or "ssl" by enabling or disabling SSL connections, with the note that SSL is "legacy". If this is disabled, it is unclear and not brought to the notice of the user whether the current connection is actually secured with TLS, and thus more secure than it would have been with SSL, or if it is a plain text connection and thus very insecure. The little lock icon in the account name doesn't mean much to most people (does it mean my connection is secured or does it indicate I have an OpenPGP key attached to this account? Just for example.)
IMO, it should be like this in the configuration panel:
Security:
- choose automatically
- specify manually
Two radio buttons, the first meaning that the connection is first checked for TLS availability, then for SSL, and as a last option plain text is used. The "specify manually" option would simply be a dropdown menu where you could choose any of the three connection methods.
Last but not least, there could also be three ACE values for advanced users: "allow_tls", "allow_ssl" and "allow_plain".
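
A sketch of the selection logic proposed above, as an added example that is not part of the original report or of the client's code. Only the option names `allow_tls`, `allow_ssl` and `allow_plain` come from the report; `Policy`, `choose_method`, `NoAllowedMethod`, the defaults and the sample server offers are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Preference order stated in the report: tls, then ssl, then plain.
PREFERENCE = ("tls", "ssl", "plain")


@dataclass
class Policy:
    # Option names are from the report; the defaults are an assumption.
    allow_tls: bool = True
    allow_ssl: bool = True
    allow_plain: bool = True
    # None means "choose automatically"; otherwise the dropdown value.
    manual: Optional[str] = None


class NoAllowedMethod(Exception):
    """Nothing the server offers is permitted by the policy."""


def choose_method(server_offers, policy):
    """Return (method, encrypted) so the UI can state what is in use."""
    if policy.manual is not None and policy.manual not in PREFERENCE:
        raise ValueError("unknown method: %r" % policy.manual)
    allowed = [m for m in PREFERENCE if getattr(policy, "allow_" + m)]
    if policy.manual is not None:
        # Manual mode pins one method and never falls back to another.
        allowed = [m for m in allowed if m == policy.manual]
    for method in allowed:
        if method in server_offers:
            return method, method != "plain"
    # Refuse instead of silently dropping to a method the user disabled.
    raise NoAllowedMethod("server offers %s, policy allows %s"
                          % (sorted(server_offers), allowed))


if __name__ == "__main__":
    # Constructed sample: a server that offers only ssl and plain.
    offers = {"ssl", "plain"}
    print(choose_method(offers, Policy()))
    print(choose_method(offers, Policy(allow_ssl=False)))
```

Returning the chosen method together with an `encrypted` flag gives the interface what it needs to tell the user which kind of connection is actually in use.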