Does Discourse support both SSL and TLS encrypted SMTP?

(Yang Flincllck) #1

(Jens Maier) #2

Since SSL and TLS are the same thing, I’m guessing what you mean is whether Discourse supports SMTPS as well as SMTP+STARTTLS?

(Bill Ayakatubby) #3

While you’re technically correct that SSL and TLS are the same thing, TLS is the newer–and presumably more secure–iteration of the technology.

(Jens Maier) #4

True. However, unless you’re implementing the protocol or are configuring a cipher suite, you do not need to care or know about the difference; all relevant modern SSL libraries support and often by default prefer TLS.

Anyway, to answer @flincllck’s question, after looking through Rails ActionMailer’s documentation, the code of Net::SMTP and Discourse’s configuration, it seems that SMTPS is not supported. Discourse should be configured to connect to port 25 (smtp) or 587 (submission) with smtp_enable_start_tls set to true.

(Yang Flincllck) #5

When I set it like this:


It fails to send mail.

But when I use these to configure WordPress, it has options: TLS and SSL. When I choose SSL, it sends successfully.
So I don’t know what’s wrong with it.

(Jens Maier) #6

Yeah, as I said, Discourse doesn’t support SMTPS. You need to set the port to 587 and set smtp_enable_start_tls to true. That configuration is perfectly secure and your SMTP traffic will be fully encrypted, the only difference is that the SMTP server and client say “hello” before starting the encryption; no user data or email contents are sent unencrypted.
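
The plaintext "hello" described in the post above is the point where a STARTTLS client decides whether the session gets encrypted. As an added example (not part of the original thread, and not Discourse or Net::SMTP code), this Ruby code parses a server's EHLO reply and refuses to continue when TLS is required but STARTTLS is not advertised; the sample replies and the host name mail.example.test are constructed.

```ruby
# Added example: what a client may do after EHLO on port 25/587.
# Sample replies are constructed; mail.example.test is a placeholder host.

# Parse a multi-line EHLO reply ("250-..." continuation lines, "250 ..." on
# the last line) into its status code and the advertised extension keywords.
def parse_ehlo(reply)
  lines = reply.split(/\r?\n/).reject(&:empty?)
  raise ArgumentError, "empty reply" if lines.empty?
  parsed = lines.map do |line|
    m = /\A(\d{3})([ -])(.*)\z/.match(line) ||
        raise(ArgumentError, "malformed line: #{line.inspect}")
    { code: m[1].to_i, last: m[2] == " ", text: m[3] }
  end
  raise ArgumentError, "reply not terminated" unless parsed.last[:last]
  raise ArgumentError, "mixed status codes" unless parsed.map { |p| p[:code] }.uniq.size == 1
  # The first line is the server greeting; the rest are extension keywords.
  keywords = parsed.drop(1).map { |p| p[:text].split.first.to_s.upcase }
  { code: parsed.first[:code], extensions: keywords }
end

# :upgrade   -> send STARTTLS, then EHLO again inside TLS before AUTH or MAIL
# :abort     -> TLS is required but not offered; send nothing further
# :plaintext -> opportunistic mode only: the session continues unencrypted
def starttls_decision(reply, require_tls: true)
  ehlo = parse_ehlo(reply)
  return :abort unless ehlo[:code] == 250
  return :upgrade if ehlo[:extensions].include?("STARTTLS")
  require_tls ? :abort : :plaintext
end

# Constructed reply from a server that offers STARTTLS.
WITH_STARTTLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n" \
                "250-STARTTLS\r\n250 8BITMIME\r\n"
# Constructed reply with no STARTTLS line (unsupported, or removed in transit).
NO_STARTTLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n" \
              "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"

if __FILE__ == $PROGRAM_NAME
  puts starttls_decision(WITH_STARTTLS)
  puts starttls_decision(NO_STARTTLS)
  puts starttls_decision(NO_STARTTLS, require_tls: false)
end
```

The third call is the case to watch for: with opportunistic TLS, a reply that lacks the STARTTLS line leads the client to continue in plaintext, credentials included.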

(Yang Flincllck) #7

Thanks for your help.
I solved it. I mean I just used another mail provider.

(Lethe Yi) #8

Hi, which mail provider did you finally use?

(陈明) #9

I have a problem with exmail. How did you resolve it?

(Qiao Guo) #10

Instead of STARTTLS over 587, shouldn’t Discourse support SSL/TLS over 465 by default?

(Bhanu Sharma) #11

There’s no reason for it to not work.

(Stephen) #12

SSL and TLS are different things.

465 was meant to denote SSL while 587 was allocated to TLS.

IANA has since repurposed 465 completely so hopefully we will begin to see the confusion that the pair creates die down.

Stick to TLS on 587 unless you’ve got a very good reason not to.

(Qiao Guo) #13

I am afraid your understanding is wrong.
There are 3 groups of SMTP settings:

  1. Plain text on port 25
  2. STARTTLS on port 587
  3. SSL/TLS on port 465

1 and 3 are like HTTP and HTTPS, while 2 is something being deprecated by 3.
SSL and TLS are the old and new version/name of the same thing.
However, STARTTLS is something different, which people often misunderstand as TLS.