Describe the bug
As per this thread on the forum: https://forum.codeigniter.com/thread-77192.html I'd say that the logic when connecting to the SMTP server is flawed. The SMTPCrypto setting complicates matters further since it controls the channel or the upgrade of the channel.
Connection to port 465 should use implicit TLS as per RFC8314 (i.e. the SMTPCrypto should be "ssl" but this is confusing as the server should require TLS). A STARTTLS command may be issued. However, some servers (Amazon SES for example) do not allow STARTTLS on port 465, but require it on port 587.
Setting $SMTPCrypto = 'ssl' allows connecting to servers on port 587 but doesn't run the STARTTLS command so email submission will fail.
Furthermore, the PHP constant STREAM_CRYPTO_METHOD_TLS_CLIENT only enables TLS version 1.0 so STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT should be used in the call to stream_socket_enable_crypto if $SMTPCrypto = 'tls' is used. (Possibly STREAM_CRYPTO_METHOD_ANY_CLIENT may be used, but this would also enable SSL ciphers and I cannot say I understand the security implications of this).
I believe
CodeIgniter 4 version
4.0.4
Affected module(s)
Email Library
Expected behavior, and steps to reproduce if appropriate
When connecting to 465, the Email Library should always use TLS when connecting. SMTPCrypto should be set to blank.
When connecting to 587 SMTPCrypto should be set to tls to enable SMTP command STARTTLS to run.
The setting "ssl" doesn't make any sense but is required to get connection to 465 working.
Context
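The two connection modes the report distinguishes (implicit TLS on port 465, STARTTLS upgrade on port 587), as an added PHP example that is neither CodeIgniter's code nor the reporter's. Function names, the EHLO name `client.example` and the timeout are assumptions; the version mask is narrowed to TLS 1.2, plus 1.3 where PHP defines that constant, rather than the 1.0 to 1.2 mask the report proposes.

```php
<?php
// Added example (not CodeIgniter's code); function names, EHLO name and timeout are assumptions.

function smtpTlsMethods(): int
{
    // Name TLS versions explicitly instead of relying on STREAM_CRYPTO_METHOD_TLS_CLIENT.
    return STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
        | (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT') ? STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT : 0);
}

function smtpExpect($sock, string $code, string $step): void
{
    // Multi-line replies use "250-" on every line except the last ("250 ").
    do {
        $line = fgets($sock, 515);
    } while ($line !== false && strlen($line) >= 4 && $line[3] === '-');
    if ($line === false || strncmp($line, $code, 3) !== 0) {
        throw new RuntimeException("$step failed: " . trim((string) $line));
    }
}

function smtpEnableTls($sock): void
{
    if (stream_socket_enable_crypto($sock, true, smtpTlsMethods()) !== true) {
        throw new RuntimeException('TLS handshake failed');
    }
}

function smtpOpenSecure(string $host, int $port, bool $implicitTls, float $timeout = 10.0)
{
    $ctx = stream_context_create(['ssl' => ['peer_name' => $host, 'verify_peer' => true, 'verify_peer_name' => true]]);
    $sock = stream_socket_client("tcp://$host:$port", $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    if ($implicitTls) {
        smtpEnableTls($sock);                     // port 465: handshake before any SMTP byte
        smtpExpect($sock, '220', 'greeting');
    } else {
        smtpExpect($sock, '220', 'greeting');     // port 587: cleartext greeting first
        fwrite($sock, "EHLO client.example\r\n");
        smtpExpect($sock, '250', 'EHLO');
        fwrite($sock, "STARTTLS\r\n");
        smtpExpect($sock, '220', 'STARTTLS');     // stop here if the server refuses the upgrade
        smtpEnableTls($sock);
    }
    fwrite($sock, "EHLO client.example\r\n");     // capabilities are re-read on the encrypted channel
    smtpExpect($sock, '250', 'EHLO over TLS');
    return $sock;
}
```

Because the STARTTLS branch throws when the server does not answer `220`, the caller never sends credentials or mail over a channel that failed to upgrade.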