[wp-trac] [WordPress Trac] #36125: Disable automatic TLS encryption in PHPMailer
WordPress Trac
noreply at wordpress.org
Sun Mar 6 09:31:31 UTC 2016
#36125: Disable automatic TLS encryption in PHPMailer
--------------------------------+------------------------------
Reporter: scara | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: External Libraries | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------------+------------------------------
Comment (by scara):
Before the ''PHPMailer 5.2.10'' release, a WP instance - generally, a PHP
based App - worked with those SMTP server with a broken TLS support
because of WP admins - generally PHP based App admins - were not using TLS
when configuring the SMTP support in the App.
While I concur that the new PHPMailer feature contributes to secure the
communication between the App and the SMTP server - otherwise, I'd open an
issue in PHPMailer ;) -, I disagree that a PHP based App which could be
"able to configure" that kind of security should be forced to use a
behavior not directly managed by its Admin.
That's my point and the reason why I raised this ''improvement'': IMHO it
is actually kind of regression in WP due to the security enhancements
adopted in one of its external libraries.
Forgive me if the arguments above are not strong enough at the App side -
not at the library side - or if it is enough to clearly document it in the
release notes.
HTH,
Matteo
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36125#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list