Security fixes in SMTP_SSL and SMTP_TLS strategies #104

Merged
merged 1 commit into from
Nov 5, 2017

Commits on Nov 2, 2017

  1. Misc. TLS security fixes and improvements

      - The SMTP_PLAIN transport strategy now attempts an (insecure) STARTTLS
        upgrade where possible, but will always permit plaintext fallback to
        preserve backwards-compatibility with unencrypted SMTP.
    
        The opportunistic STARTTLS handshake in SMTP_PLAIN does not validate
        the server certificate's issuer or identity; therefore, it does not
        protect against active network attackers.
    
        The STARTTLS handshake, in this transport strategy, is merely a best-effort
        encryption mechanism to defend against passive network eavesdroppers.
    
      - The SMTP_SSL and SMTP_TLS transport strategies now validate certificates
        by setting JavaMail's `mail.<protocol>.ssl.checkserveridentity` property
        to true.
    
        Previously, no identity validation was performed, leaving SMTPS and
        STARTTLS connections vulnerable to man-in-the-middle attacks. Without
        identity validation, JavaMail accepts _any_ certificate issued by a
        JVM-trusted CA, regardless of the identity encoded in the certificate.
    
      - The SMTP_TLS transport strategy now requires STARTTLS support by setting
        JavaMail's `mail.smtp.starttls.required` property to true.
    
        Previously, STARTTLS support was not required, enabling a man-in-the-middle
        attack whereby an attacker could strip the STARTTLS request from an SMTP
        connection, causing JavaMail to fall back to plaintext SMTP for
        authentication and email transport.
    cbarcenas committed Nov 2, 2017
    633aa4d
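
The settings named in the commit message can be checked mechanically. The following is an added example, not code from this pull request or project: it builds the hardened JavaMail properties for STARTTLS and SMTPS and audits a `Properties` object for the two weaknesses described above. The class name, method names and the "legacy" sample configuration are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class SmtpTlsAudit {
    // STARTTLS settings matching the hardened SMTP_TLS behaviour described above.
    static Properties hardenedStartTls() {
        Properties p = new Properties();
        p.setProperty("mail.transport.protocol", "smtp");
        p.setProperty("mail.smtp.starttls.enable", "true");
        p.setProperty("mail.smtp.starttls.required", "true");       // fail instead of falling back to plaintext
        p.setProperty("mail.smtp.ssl.checkserveridentity", "true"); // certificate must match the server host
        return p;
    }

    // Implicit-TLS (SMTPS) settings matching the hardened SMTP_SSL behaviour.
    static Properties hardenedSmtps() {
        Properties p = new Properties();
        p.setProperty("mail.transport.protocol", "smtps");
        p.setProperty("mail.smtps.ssl.checkserveridentity", "true");
        return p;
    }

    // Returns one finding per weakness; an empty list means none were found.
    static List<String> audit(Properties p) {
        List<String> findings = new ArrayList<>();
        String proto = p.getProperty("mail.transport.protocol", "smtp");
        String prefix = "mail." + proto + ".";
        // Assumption: an unset property counts as disabled, as in the pre-fix behaviour.
        if (!Boolean.parseBoolean(p.getProperty(prefix + "ssl.checkserveridentity"))) {
            findings.add(prefix + "ssl.checkserveridentity is not true: server identity is not validated");
        }
        boolean implicitTls = Boolean.parseBoolean(p.getProperty("mail.smtp.ssl.enable"));
        if ("smtp".equals(proto) && !implicitTls
                && !Boolean.parseBoolean(p.getProperty("mail.smtp.starttls.required"))) {
            findings.add("mail.smtp.starttls.required is not true: plaintext fallback is possible");
        }
        if ("*".equals(p.getProperty(prefix + "ssl.trust", "").trim())) {
            findings.add(prefix + "ssl.trust=* : certificates from any host are trusted");
        }
        return findings;
    }

    public static void main(String[] args) {
        Properties legacy = new Properties(); // constructed "before" configuration
        legacy.setProperty("mail.transport.protocol", "smtp");
        legacy.setProperty("mail.smtp.starttls.enable", "true");
        System.out.println("legacy:   " + audit(legacy));
        System.out.println("starttls: " + audit(hardenedStartTls()));
        System.out.println("smtps:    " + audit(hardenedSmtps()));
    }
}
```

The audit only inspects `java.util.Properties`, so it runs without JavaMail on the classpath and can be applied to any mail session configuration before it is used.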