CRM-14814 CRM-8744 breaks on SMTP svrs requiring secure authentication #66
See forum discussion http://forum.civicrm.org/index.php/topic,21960
The change made for CRM-8744 prevents CiviCRM connecting to an SMTP server unless that server provides authentication in the clear. This is insecure.
SSL is a different protocol to TLS. SSL uses port 465 and communication is always encrypted via SSL. TLS uses port 587 and communication starts off in the clear. A properly configured TLS port should only offer one SMTP verb in the clear: STARTTLS.
What the patch for CRM-8744 does is prevent STARTTLS working. One either needs to use SSL or allow authentication in the clear. As SSL is a weaker protocol than TLS neither of these options is palatable.
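The negotiation order the description above relies on, as an added Python example (not code from CiviCRM, PEAR Net_SMTP or this PR): a client reads the EHLO reply, upgrades with STARTTLS, sends EHLO again, and only then expects AUTH. The function names and the sample server replies are constructed for illustration.

```python
# Added example: hypothetical helper names, constructed EHLO replies.

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the server greeting
        if not line.startswith("250") or len(line) < 5:
            raise ValueError("unexpected EHLO line: %r" % line)
        words = line[4:].upper().split()          # skip "250-" / "250 "
        if words:
            caps[words[0]] = words[1:]
    return caps


def next_step(caps, tls_active=False):
    """Decide what the client may do before it sends any credentials."""
    if tls_active:
        return "AUTH" if "AUTH" in caps else "NO_AUTH_OFFERED"
    if "STARTTLS" in caps:
        # Upgrade first, then send EHLO again: the capability list seen in
        # the clear is discarded and AUTH is read from the encrypted reply.
        return "STARTTLS"
    if "AUTH" in caps:
        # Credentials would cross the network unencrypted.
        return "REFUSE_CLEARTEXT_AUTH"
    return "NO_AUTH_OFFERED"


# Constructed replies from a hypothetical submission server on port 587.
STRICT_CLEAR = ("250-mail.example.org\r\n250-PIPELINING\r\n"
                "250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
STRICT_AFTER_TLS = ("250-mail.example.org\r\n250-PIPELINING\r\n"
                    "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n")
# Constructed reply from a server that offers AUTH with no TLS at all.
LAX_CLEAR = "250-mail.example.org\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    print(next_step(parse_ehlo(STRICT_CLEAR)))                       # before TLS
    print(next_step(parse_ehlo(STRICT_AFTER_TLS), tls_active=True))  # after TLS
    print(next_step(parse_ehlo(LAX_CLEAR)))
```

A client that looks for AUTH in the first reply from the strict server finds none, which is why the second EHLO after the upgrade matters.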
+1. Merged. Feedback on forums was positive, and this PR aligns us better with upstream's code.
It's not clear to me if this will undo whatever benefit/fix was originally provided by CRM-8744 / http://www.pear-forum.org/post-4935.html -- or if
Aside: It looks like upstream has made some other TLS-related fixes and improved the syntax (boo PHP-4, yay PHP-7), so I might send another PR to upgrade.