| Message ID | 20210409211812.3869-1-sir@cmpwn.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | send-email: clarify SMTP encryption settings | expand |
On Fri, Apr 9, 2021 at 5:18 PM Drew DeVault <sir@cmpwn.com> wrote: > The present options are misleading; "ssl" enables generic, "modern" SSL > support, which could use either SSL or TLS; and "tls" enables the > SMTP-specific (and deprecated) STARTTLS protocol. > > This changes the canonical config options to "ssl/tls" and "starttls", > updates the docs to explain the options in more detail, and updates > git-send-email to accept either form. > --- Missing sign-off.
> On Apr 9, 2021, at 14:18, Drew DeVault <sir@cmpwn.com> wrote: > > The present options are misleading; "ssl" enables generic, "modern" SSL > support, which could use either SSL or TLS; and "tls" enables the > SMTP-specific (and deprecated) STARTTLS protocol. > > This changes the canonical config options to "ssl/tls" and "starttls", > updates the docs to explain the options in more detail, and updates > git-send-email to accept either form. > --- > Documentation/git-send-email.txt | 11 ++++++++--- > git-send-email.perl | 4 ++-- > 2 files changed, 10 insertions(+), 5 deletions(-) > > diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt > index 93708aefea..3597935e41 100644 > --- a/Documentation/git-send-email.txt > +++ b/Documentation/git-send-email.txt > @@ -168,9 +168,14 @@ Sending > unspecified, choosing the envelope sender is left to your MTA. > > --smtp-encryption=<encryption>:: > - Specify the encryption to use, either 'ssl' or 'tls'. Any other > - value reverts to plain SMTP. Default is the value of > - `sendemail.smtpEncryption`. > + Specify the encryption to use, either 'ssl/tls' or 'starttls', whichever > + is recommended by your email service provider. SSL/TLS is typically > + used on port 465 and is preferred if available. STARTTLS is typically > + used on port 25 or 587. Any other value reverts to plain SMTP. The Weird that we fail open (no encryption) on typos. Any chance we can fix that in this patch? > + default is the value of `sendemail.smtpEncryption`. > ++ > +For legacy reasons, 'ssl' is accepted for 'ssl/tls' and 'tls' is accepted for > +'starttls'. > > --smtp-domain=<FQDN>:: > Specifies the Fully Qualified Domain Name (FQDN) used in the > diff --git a/git-send-email.perl b/git-send-email.perl > index f5bbf1647e..34fdf587bd 100755 > --- a/git-send-email.perl > +++ b/git-send-email.perl > @@ -1503,7 +1503,7 @@ sub send_message { > my $use_net_smtp_ssl = version->parse($Net::SMTP::VERSION) < version->parse("2.34"); > $smtp_domain ||= maildomain(); > > - if ($smtp_encryption eq 'ssl') { > + if ($smtp_encryption eq 'ssl' || $smtp_encryption eq 'ssl/tls') { > $smtp_server_port ||= 465; # ssmtp > require IO::Socket::SSL; > > @@ -1538,7 +1538,7 @@ sub send_message { > Hello => $smtp_domain, > Debug => $debug_net_smtp, > Port => $smtp_server_port); > - if ($smtp_encryption eq 'tls' && $smtp) { > + if (($smtp_encryption eq 'tls' || $smtp_encryption eq 'starttls') && $smtp) { > if ($use_net_smtp_ssl) { > $smtp->command('STARTTLS'); > $smtp->response(); > -- > 2.31.1 >
On Fri Apr 9, 2021 at 7:14 PM EDT, Georgios Kontaxis wrote: > Weird that we fail open (no encryption) on typos. > Any chance we can fix that in this patch? That would technically be a breaking change.
Drew DeVault <sir@cmpwn.com> writes: > The present options are misleading; "ssl" enables generic, "modern" SSL > support, which could use either SSL or TLS; and "tls" enables the > SMTP-specific (and deprecated) STARTTLS protocol. Hmph. Isn't SMTPS (running SMTP over SSL encrypted connection) the one that was once deprecated until it got resurrected)? STARTTLS is not all that SMTP specific---POP and IMAP can also start in cleartext and upgrade with STARTTLS the same way, no? I couldn't find a justification for our log message to call STARTTLS-style explicit TLS "deprecated". When you send an updated version, please give a reference. > This changes the canonical config options to "ssl/tls" and "starttls", > updates the docs to explain the options in more detail, and updates > git-send-email to accept either form. > --- Missing Sign-off, ... > Documentation/git-send-email.txt | 11 ++++++++--- > git-send-email.perl | 4 ++-- > 2 files changed, 10 insertions(+), 5 deletions(-) > > diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt > index 93708aefea..3597935e41 100644 > --- a/Documentation/git-send-email.txt > +++ b/Documentation/git-send-email.txt > @@ -168,9 +168,14 @@ Sending > unspecified, choosing the envelope sender is left to your MTA. > > --smtp-encryption=<encryption>:: > - Specify the encryption to use, either 'ssl' or 'tls'. Any other > - value reverts to plain SMTP. Default is the value of > - `sendemail.smtpEncryption`. > + Specify the encryption to use, either 'ssl/tls' or 'starttls', whichever > + is recommended by your email service provider. SSL/TLS is typically > + used on port 465 and is preferred if available. STARTTLS is typically > + used on port 25 or 587. Any other value reverts to plain SMTP. The > + default is the value of `sendemail.smtpEncryption`. I think it is a vast improvement to describe what existing 'ssl' and 'tls' does, like the above does. It is a documentation update that deserves its own commit (i.e. [PATCH 1/3]), and it should be done before adding the new ssl/tls and starttls synonyms. Making it an error to give unrecognised string (i.e. other than 'ssl' and 'tls'), or at least warning, would be a good follow-up change (i.e. [PATCH 2/3]), but that is optional. And then, it may make sense to introduce the synonyms, but please make it a separate patch that builds on top of the other two steps (i.e. [PATCH 3/3]). Honestly I am ambivalent about these two synonyms this patch added. In the ideal world, it would have been nice if we could make 'tls' as the name of the choice that has been known as 'ssl' (i.e. the underlying transport protocol to run SMTP or any other higher layer protocol on top, there used to be SSL but these days TLS is used as an improved alternative---SSL 2.0/3.0 have been deprecated for some time), but because we used 'tls' to mean the STARTTLS-style "start SMTP as plain and then upgrade to encrypted channel", we can't reuse the 'tls' for that purpose. I do not have any qualm about the fully spelled out "starttls" synonym for the latter. In fact, if we can go back in time and redo the history with hindsight, that is the name we should have used from the beginning. But I find it unfortunate that we need to say 'ssl/tls', i.e. prefixing the name of the choice with the name of a deprecated thing, for the former. Another reason I am hesitant about 'ssl/tls' is because the description of it in documentation naturally invites errors. I.e. "You can set it to 'ssl/tls'..." sounds as if the manual is telling me to use one of 'ssl' or 'tls', which is not what it is sayng---it literally wants me to say 'ssl/tls' with a slash in it. Thanks.
On Fri Apr 9, 2021 at 8:52 PM EDT, Junio C Hamano wrote: > Hmph. > > Isn't SMTPS (running SMTP over SSL encrypted connection) the one > that was once deprecated until it got resurrected)? Kind of, back in the 90's, but that's water under the bridge now. SMTP over SSL/TLS is the de-facto standard. > STARTTLS is not all that SMTP specific---POP and IMAP can also start > in cleartext and upgrade with STARTTLS the same way, no? Well, email-specific, at least. Sorry for the confusion. > I couldn't find a justification for our log message to call > STARTTLS-style explicit TLS "deprecated". When you send an updated > version, please give a reference. The main concern with STARTTLS is downgrade attacks. I'll note this in the commit message for v2. > I think it is a vast improvement to describe what existing 'ssl' and > 'tls' does, like the above does. It is a documentation update that > deserves its own commit (i.e. [PATCH 1/3]), and it should be done > before adding the new ssl/tls and starttls synonyms. > > Making it an error to give unrecognised string (i.e. other than > 'ssl' and 'tls'), or at least warning, would be a good follow-up > change (i.e. [PATCH 2/3]), but that is optional. > > And then, it may make sense to introduce the synonyms, but please > make it a separate patch that builds on top of the other two steps > (i.e. [PATCH 3/3]). Ack, can do. > In the ideal world, it would have been nice if we could make 'tls' > as the name of the choice that has been known as 'ssl' (i.e. the > underlying transport protocol to run SMTP or any other higher layer > protocol on top, there used to be SSL but these days TLS is used as > an improved alternative---SSL 2.0/3.0 have been deprecated for some > time), but because we used 'tls' to mean the STARTTLS-style "start > SMTP as plain and then upgrade to encrypted channel", we can't reuse > the 'tls' for that purpose. > > I do not have any qualm about the fully spelled out "starttls" > synonym for the latter. In fact, if we can go back in time and redo > the history with hindsight, that is the name we should have used > from the beginning. But I find it unfortunate that we need to say > 'ssl/tls', i.e. prefixing the name of the choice with the name of a > deprecated thing, for the former. Another reason I am hesitant > about 'ssl/tls' is because the description of it in documentation > naturally invites errors. I.e. "You can set it to 'ssl/tls'..." > sounds as if the manual is telling me to use one of 'ssl' or 'tls', > which is not what it is sayng---it literally wants me to say > 'ssl/tls' with a slash in it. If I may propose a bold alternative: what I added as "ssl/tls", i.e. "modern" SSL, should be "yes", no encryption should be "no", and if you specifically need starttls: "starttls".
"Drew DeVault" <sir@cmpwn.com> writes: >> I couldn't find a justification for our log message to call >> STARTTLS-style explicit TLS "deprecated". When you send an updated >> version, please give a reference. > > The main concern with STARTTLS is downgrade attacks. I'll note this in > the commit message for v2. > ... > If I may propose a bold alternative: what I added as "ssl/tls", i.e. > "modern" SSL, should be "yes", no encryption should be "no", and if you > specifically need starttls: "starttls". Well, "is starttls deprecated" given to search engine gives me SMTPS (implicit SSL) has been deprecated/obsolete since SMTP+STARTTLS (explicit SSL) was defined in RFC2487. as the "featured snippet", and there are debates like "SMTPS has been deprecated since forever (late 90's or thereabouts)" https://news.ycombinator.com/item?id=10556797 I strongly prefer to keep our documentation out of that mess by not taking sides. To me, both are valid options to make the world safer over cleartext, and we won't have to make recommendations when both are available. Thanks.
On 2021-04-09 at 21:18:12, Drew DeVault wrote: > The present options are misleading; "ssl" enables generic, "modern" SSL > support, which could use either SSL or TLS; and "tls" enables the > SMTP-specific (and deprecated) STARTTLS protocol. > > This changes the canonical config options to "ssl/tls" and "starttls", > updates the docs to explain the options in more detail, and updates > git-send-email to accept either form. > --- > Documentation/git-send-email.txt | 11 ++++++++--- > git-send-email.perl | 4 ++-- > 2 files changed, 10 insertions(+), 5 deletions(-) > > diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt > index 93708aefea..3597935e41 100644 > --- a/Documentation/git-send-email.txt > +++ b/Documentation/git-send-email.txt > @@ -168,9 +168,14 @@ Sending > unspecified, choosing the envelope sender is left to your MTA. > > --smtp-encryption=<encryption>:: > - Specify the encryption to use, either 'ssl' or 'tls'. Any other > - value reverts to plain SMTP. Default is the value of > - `sendemail.smtpEncryption`. > + Specify the encryption to use, either 'ssl/tls' or 'starttls', whichever > + is recommended by your email service provider. SSL/TLS is typically > + used on port 465 and is preferred if available. STARTTLS is typically > + used on port 25 or 587. Any other value reverts to plain SMTP. The > + default is the value of `sendemail.smtpEncryption`. > ++ > +For legacy reasons, 'ssl' is accepted for 'ssl/tls' and 'tls' is accepted for > +'starttls'. I definitely approve of describing the two options. Even just saying that one option is tunneled and one is actually STARTTLS would be an improvement here without the additional options. Apparently I managed to figure it out, but I'm not sure if that's because I use STARTTLS or because I would logically prefer the more modern TLS over SSL just by looking at the names. Since I agree that "ssl/tls" may be a bit confusing, maybe we could call that option "wrapped" or "tunneled"? Other names are possible, of course.
On Fri Apr 9, 2021 at 9:39 PM EDT, brian m. carlson wrote: > Since I agree that "ssl/tls" may be a bit confusing, maybe we could call > that option "wrapped" or "tunneled"? Other names are possible, of > course. I would prefer to name the options after the terms we can expect the user to find in their mail service provider's documentation, hence SSL/TLS and STARTTLS. Though I can see the confusion in including the slash, I'll figure something else out.
"Drew DeVault" <sir@cmpwn.com> writes: > On Fri Apr 9, 2021 at 9:39 PM EDT, brian m. carlson wrote: >> Since I agree that "ssl/tls" may be a bit confusing, maybe we could call >> that option "wrapped" or "tunneled"? Other names are possible, of >> course. > > I would prefer to name the options after the terms we can expect the > user to find in their mail service provider's documentation, hence > SSL/TLS and STARTTLS. Though I can see the confusion in including the > slash, I'll figure something else out. OK. * My e-mail provider [*] seems to label these two as SSL/TLS (sometimes just TLS) and STARTTLS, but that is aligning how the popular client programs call these two methods, so it may not be a good datapoint. * GMail help page [*] seems to use 'SSL' vs 'STARTTLS' (they seem to support both). * Outlook.live.com/ help page [*] says they want you to use 'STARTTLS' for SMTP, but they use 'SSL/TLS' to describe their IMAP and POP offerings. With the above limited samples, I agree that the choices between 'SSL/TLS' and 'STARTTLS' would appear familiar to our end-users. [Reference] * https://helpspot.pobox.com/index.php?pg=kb.page&id=118 https://helpspot.pobox.com/index.php?pg=kb.page&id=125 https://helpspot.pobox.com/index.php?pg=kb.page&id=399 * https://support.google.com/mail/answer/7126229?hl=en * https://support.microsoft.com/en-us/office/pop-imap-and-stmp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353
On 10/04/21 07.52, Junio C Hamano wrote: > Isn't SMTPS (running SMTP over SSL encrypted connection) the one > that was once deprecated until it got resurrected)? > > STARTTLS is not all that SMTP specific---POP and IMAP can also start > in cleartext and upgrade with STARTTLS the same way, no? Wikipedia entry on Opportunistic TLS [1] said that STARTTLS is not specific to SMTP, but also to various protocols: > The STARTTLS command for IMAP and POP3 is defined in RFC 2595, for SMTP in RFC 3207, for XMPP in RFC 6120 and for NNTP in RFC 4642. For IRC, the IRCv3 Working Group has defined the STARTTLS extension. FTP uses the command "AUTH TLS" defined in RFC 4217 and LDAP defines a protocol extension OID in RFC 2830. HTTP uses upgrade header. [1]: https://en.wikipedia.org/wiki/Opportunistic_TLS
diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt index 93708aefea..3597935e41 100644 --- a/Documentation/git-send-email.txt +++ b/Documentation/git-send-email.txt @@ -168,9 +168,14 @@ Sending unspecified, choosing the envelope sender is left to your MTA. --smtp-encryption=<encryption>:: - Specify the encryption to use, either 'ssl' or 'tls'. Any other - value reverts to plain SMTP. Default is the value of - `sendemail.smtpEncryption`. + Specify the encryption to use, either 'ssl/tls' or 'starttls', whichever + is recommended by your email service provider. SSL/TLS is typically + used on port 465 and is preferred if available. STARTTLS is typically + used on port 25 or 587. Any other value reverts to plain SMTP. The + default is the value of `sendemail.smtpEncryption`. ++ +For legacy reasons, 'ssl' is accepted for 'ssl/tls' and 'tls' is accepted for +'starttls'. --smtp-domain=<FQDN>:: Specifies the Fully Qualified Domain Name (FQDN) used in the diff --git a/git-send-email.perl b/git-send-email.perl index f5bbf1647e..34fdf587bd 100755 --- a/git-send-email.perl +++ b/git-send-email.perl @@ -1503,7 +1503,7 @@ sub send_message { my $use_net_smtp_ssl = version->parse($Net::SMTP::VERSION) < version->parse("2.34"); $smtp_domain ||= maildomain(); - if ($smtp_encryption eq 'ssl') { + if ($smtp_encryption eq 'ssl' || $smtp_encryption eq 'ssl/tls') { $smtp_server_port ||= 465; # ssmtp require IO::Socket::SSL; @@ -1538,7 +1538,7 @@ sub send_message { Hello => $smtp_domain, Debug => $debug_net_smtp, Port => $smtp_server_port); - if ($smtp_encryption eq 'tls' && $smtp) { + if (($smtp_encryption eq 'tls' || $smtp_encryption eq 'starttls') && $smtp) { if ($use_net_smtp_ssl) { $smtp->command('STARTTLS'); $smtp->response();