[tor-bugs] #10989 [BridgeDB]: bridgedb should use starttls for outgoing mails

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 21 13:05:18 UTC 2014


#10989: bridgedb should use starttls for outgoing mails
-----------------------------+-----------------
     Reporter:  arma         |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  BridgeDB     |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------

Comment (by cypherpunks):

 I just received a bridge email that did use TLS:
 {{{
 Received: from ponticum.torproject.org (ponticum.torproject.org.
 [38.229.72.19])
         by mx.google.com with ESMTPS id
 ws6si6533465oeb.45.2014.02.21.04.18.40
         for <XXXXX at gmail.com>
         (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
         Fri, 21 Feb 2014 04:18:40 -0800 (PST)
 }}}

 Btw, from RFC 3848:
 {{{
    o  The new keyword "ESMTPS" indicates the use of ESMTP when STARTTLS
       is also successfully negotiated to provide a strong transport
       encryption layer.
 }}}

 So, the premise of this ticket (that STARTTLS isn't attempted) appears to
 be incorrect. However, if unencrypted SMTP connections are also allowed,
 that should be fixed. Here is a link to the relevant postfix
 documentation: http://www.postfix.org/TLS_README.html#client_tls

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10989#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
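
Added example, not part of the original ticket comment or of BridgeDB: a Python sketch of the check described above, reading each Received: header's "with" keyword (RFC 3848) to tell which hops negotiated STARTTLS. The host names, addresses and message below are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# "with" protocol values registered by RFC 3848 that imply STARTTLS succeeded.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def strip_comments(value):
    """Remove parenthesised comments, innermost first, so nesting is handled."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hop(received):
    """Describe one Received: header, i.e. one SMTP hop."""
    flat = " ".join(received.split())                 # unfold continuation lines
    clauses = strip_comments(flat).rsplit(";", 1)[0]  # drop comments and date
    by = re.search(r"\bby\s+(\S+)", clauses)
    proto = re.search(r"\bwith\s+(\S+)", clauses)
    keyword = proto.group(1).upper() if proto else None
    hop = {"by": by.group(1) if by else None, "with": keyword,
           "tls": keyword in TLS_KEYWORDS}
    # Some receivers also log the negotiated parameters in a comment.
    hop.update(re.findall(r"\b(version|cipher)=([\w./-]+)", flat))
    return hop

def audit_message(raw):
    """Return one dict per hop, in the order the headers appear (newest first)."""
    msg = message_from_string(raw)
    return [audit_hop(h) for h in msg.get_all("Received", [])]

# Constructed message: hop 1 mirrors the header shape quoted in the comment,
# hop 2 is a plaintext hop whose comment happens to contain the word "with".
SAMPLE = (
    "Received: from out.example.org (out.example.org. [192.0.2.19])\n"
    "        by mx.example.com with ESMTPS id ab1si42.45.2014.02.21.04.18.40\n"
    "        for <user@example.com>\n"
    "        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n"
    "        Fri, 21 Feb 2014 04:18:40 -0800 (PST)\n"
    "Received: from app.example.org (app.example.org [192.0.2.7])\n"
    "        (sent with no TLS)\n"
    "        by out.example.org (Postfix) with ESMTP id 4F00D1\n"
    "        for <user@example.com>; Fri, 21 Feb 2014 12:18:39 +0000 (UTC)\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    for hop in audit_message(SAMPLE):
        print(hop)
```

A hop reported with "tls" true only shows that this one delivery was encrypted; whether the sending server would also fall back to plaintext is decided by its client TLS policy, which is what the Postfix documentation linked above covers.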

