Issue 2551351: mailer.py tighten up ssl connection

classification

Title:	mailer.py tighten up ssl connection
Type:	security	Severity:	normal
Components:	Mail interface	Versions:

process

Status:	new	Resolution:
Dependencies		Superseder:
Assigned To:		Nosy List:	rouilj
Priority:		Keywords:

Created on 2024-05-15 03:53 by rouilj, last changed 2024-05-15 03:53 by rouilj.

Messages
msg8047	Author: [hidden] (rouilj)	Date: 2024-05-15 03:53
When we have python 3.6 or newer we can set options in mailer.py to validate the remote certificate name/subject_alt_name and load default certs from the hosts certificate store. We need tests to verify this works. Consider a test server like: mailpit (https://mailpit.axllent.org/docs/configuration/) smtp4dev (https://github.com/rnwood/smtp4dev) greenmail (https://greenmail-mail-test.github.io/greenmail/#features) that can do starttls (initial connection tcp then upgrade to TLS) or TLS/SSL (all connections over TLS). (Note we can't do TLS/SSL we only support starttls.)

msg8047

Author: [hidden] (rouilj)

Date: 2024-05-15 03:53

When we have python 3.6 or newer we can set options in mailer.py to validate the remote 
certificate name/subject_alt_name and load default certs from the hosts certificate store.

We need tests to verify this works.

Consider a test server like:

  mailpit (https://mailpit.axllent.org/docs/configuration/)
  smtp4dev (https://github.com/rnwood/smtp4dev)
  greenmail (https://greenmail-mail-test.github.io/greenmail/#features)

that can do starttls (initial connection tcp then upgrade to TLS)
or TLS/SSL (all connections over TLS). (Note we can't do TLS/SSL
we only support starttls.)

History
Date	User	Action	Args
2024-05-15 03:53:42	rouilj	create

Roundup Tracker - Issues

Issue 2551351