[wp-trac] [WordPress Trac] #36125: Disable automatic TLS encryption in PHPMailer

WordPress Trac noreply at wordpress.org
Sun Mar 6 09:31:31 UTC 2016

#36125: Disable automatic TLS encryption in PHPMailer
 Reporter:  scara               |       Owner:
     Type:  enhancement         |      Status:  new
 Priority:  normal              |   Milestone:  Awaiting Review
Component:  External Libraries  |     Version:  trunk
 Severity:  normal              |  Resolution:
 Keywords:  has-patch           |     Focuses:

Comment (by scara):

 Before the ''PHPMailer 5.2.10'' release, a WP instance - generally, a PHP
 based App - worked with those SMTP server with a broken TLS support
 because of WP admins - generally PHP based App admins - were not using TLS
 when configuring the SMTP support in the App.

 While I concur that the new PHPMailer feature contributes to secure the
 communication between the App and the SMTP server - otherwise, I'd open an
 issue in PHPMailer ;) -, I disagree that a PHP based App which could be
 "able to configure" that kind of security should be forced to use a
 behavior not directly managed by its Admin.

 That's my point and the reason why I raised this ''improvement'': IMHO it
 is actually kind of regression in WP due to the security enhancements
 adopted in one of its external libraries.

 Forgive me if the arguments above are not strong enough at the App side -
 not at the library side - or if it is enough to clearly document it in the
 release notes.


Ticket URL: <https://core.trac.wordpress.org/ticket/36125#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list