diff options
-rw-r--r-- | system/libraries/Email.php | 14 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 4 |
2 files changed, 16 insertions, 2 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 967a0019a..71740ee5e 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -2074,7 +2074,19 @@ class CI_Email { $this->_send_command('hello'); $this->_send_command('starttls'); - $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT); + /** + * STREAM_CRYPTO_METHOD_TLS_CLIENT is quite the mess ... + * + * - On PHP <5.6 it doesn't even mean TLS, but SSL 2.0, and there's no option to use actual TLS + * - On PHP 5.6.0-5.6.6, >=7.2 it means negotiation with any of TLS 1.0, 1.1, 1.2 + * - On PHP 5.6.7-7.1.* it means only TLS 1.0 + * + * We want the negotiation, so we'll force it below ... + */ + $method = is_php('5.6') + ? STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT + : STREAM_CRYPTO_METHOD_TLS_CLIENT; + $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, $method); if ($crypto !== TRUE) { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index f74308342..f6e24e519 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -7,7 +7,9 @@ Version 3.1.8 Release Date: Not Released -- General Changes +- General Changes + + - Updated :doc:`Email Library <libraries/email>` to always negotiate between TLS 1.0, 1.1, 1.2 when possible (PHP 5.6+) for SMTP connections. Bug fixes for 3.1.8 ------------------- |