[wp-trac] [WordPress Trac] #36125: Disable automatic TLS encryption in PHPMailer

Sun Mar 6 10:27:18 UTC 2016

#36125: Disable automatic TLS encryption in PHPMailer
--------------------------------+------------------------------
 Reporter:  scara               |       Owner:
     Type:  enhancement         |      Status:  new
 Priority:  normal              |   Milestone:  Awaiting Review
Component:  External Libraries  |     Version:  trunk
 Severity:  normal              |  Resolution:
 Keywords:  has-patch           |     Focuses:
--------------------------------+------------------------------

Comment (by BinaryKitten):

 Hi @scara

 Welcome to Trac and thank you for submitting this ticket.

 I'm not sure turning off security by default should be the way to go.
 Especially since the version you've mentioned has been in Core since July
 of last year and "turning off" would leave users that are in need of or
 use TLS, without that security.

 Would a documentation update be a better choice here, since there is a
 hook for phpmailer_init which will allow this to be achieved for those
 with the issue.

 {{{#!php
 <?php
 add_action('phpmailer_init', 'disableTLS');

 /**
  * @param \PHPMailer $phpmailer
  */
 function disableTLS($phpmailer){
     // Disable the automatic TLS encryption added in PHPMailer v5.2.10
 (9da56fc1328a72aa124b35b738966315c41ef5c6)
     $phpmailer->SMTPAutoTLS = false;
 }
 }}}

 This is a simple plugin file that you could drop into mu-plugins to get
 the same result without compromising security that is already there.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36125#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform