TLS-Version supported

Issue #1000 closed

Daniel A. created an issue 2019-07-19

It looks like piler smtp-server only supports TLS1.0. Is there a possibility to add support for TLS1.2 and later TLS1.3?

Thanks in advance.

Comments (6)

Janos SUTO repo owner
There’s a typo in src/smtp.c specifying TLSv1_server_method for openssl 1.0.x. Fix it to TLS_server_method just as it is 2 lines below, recompile, and you should be fine. I’ll make the patch soon.
- 2019-07-19T07:10:24+00:00
Janos SUTO repo owner
Hold it! What openssl version do you have? What Linux distro do you have?
- 2019-07-19T16:42:57+00:00
Daniel A. reporter
OpenSSL 1.0.2g on Ubuntu 16.04.6 LTS (GNU/Linux 4.15.0-1050-azure x86_64), thanks for your investigation
- 2019-07-19T19:31:25+00:00
Janos SUTO repo owner
Well, that version of openssl doesn’t ship a generic TLS version that’s able to negotiate the strongest possible encryption, so that’s why I chose a conservative and hopefully generic enough TLS v1.0. If you think you can move up to v1.2, then fix both src/smtp.c and src/misc.c and use TLSv1_2_server_method and TLSv1_2_client_method. Unfortunately openssl 1.0.x does not support TLS v1.3.
- 2019-07-19T19:41:24+00:00
Daniel A. reporter
Thanks, I’ve upgraded OS, openssl version to 1.1.1 and piler to 1.3.5 incl. database/tables to utf8mb4_unicode_ci, so everything works like a charm, without patching.
- 2019-07-21T09:43:00+00:00
Janos SUTO repo owner
- changed status to closed
- 2019-07-21T09:55:50+00:00
Log in to comment