deanproxy / eMail

Command line SMTP client
https://www.deanproxy.com/code
GNU General Public License v2.0

TLS is fixed at version 1.0 only #47

Open bllfr0g opened 6 years ago

bllfr0g commented 6 years ago

With the TLS option, email supports only TLSv1.0, which is either obsolete, or rapidly becoming obsolete, depending on your point of view.

Looks like in dlib, around line 175 of dnet.c, is where TLSv1.0 is hardcoded in.

Would be awesome if instead you tried, in priority order, TLSv1.2, TLSv1.1, TLSv1.0.

eabase commented 3 years ago

Hmm, is this still the case?

meiser79 commented 3 years ago

You should change dlib/src/dnet.c line 175 to

    sd->ctx = SSL_CTX_new(SSLv23_client_method());
    SSL_CTX_set_options(sd->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);

This allows all TLS ciphers, but excludes SSLv2 and SSLv3.