diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5a68656b8..87b5ed507 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 ## Changes
 - Use read/write timeouts instead of per-command timeouts for SMTP #3985
 - Cache DNS results for SMTP connections #3985
+- Prefer TLS over STARTTLS during autoconfiguration #4021
 ## Fixes
 - Fix Securejoin for multiple devices on a joining side #3982
diff --git a/src/configure/server_params.rs b/src/configure/server_params.rs
index 9ecaa5e1c..e8e98a755 100644
--- a/src/configure/server_params.rs
+++ b/src/configure/server_params.rs
@@ -99,15 +99,6 @@ impl ServerParams {
 // Try common secure combinations.
 vec![
- // Try STARTTLS
- Self {
- socket: Socket::Starttls,
- port: match self.protocol {
- Protocol::Imap => 143,
- Protocol::Smtp => 587,
- },
- ..self.clone()
- },
 // Try TLS
 Self {
 socket: Socket::Ssl,
@@ -115,6 +106,15 @@ impl ServerParams {
 Protocol::Imap => 993,
 Protocol::Smtp => 465,
 },
+ ..self.clone()
+ },
+ // Try STARTTLS
+ Self {
+ socket: Socket::Starttls,
+ port: match self.protocol {
+ Protocol::Imap => 143,
+ Protocol::Smtp => 587,
+ },
 ..self
 },
 ]
@@ -343,5 +343,41 @@ mod tests {
 }
 ],
 );
+
+ // Test that TLS is preferred to STARTTLS
+ // when the port and security are not set.
+ let v = expand_param_vector(
+ vec![ServerParams {
+ protocol: Protocol::Smtp,
+ hostname: "example.net".to_string(),
+ port: 0,
+ socket: Socket::Automatic,
+ username: "foobar".to_string(),
+ strict_tls: Some(true),
+ }],
+ "foobar@example.net",
+ "example.net",
+ );
+ assert_eq!(
+ v,
+ vec![
+ ServerParams {
+ protocol: Protocol::Smtp,
+ hostname: "example.net".to_string(),
+ port: 465,
+ socket: Socket::Ssl,
+ username: "foobar".to_string(),
+ strict_tls: Some(true)
+ },
+ ServerParams {
+ protocol: Protocol::Smtp,
+ hostname: "example.net".to_string(),
+ port: 587,
+ socket: Socket::Starttls,
+ username: "foobar".to_string(),
+ strict_tls: Some(true)
+ },
+ ],
+ );
 }
 }
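Review bot: The order of the two candidates in this `vec!` now carries the security decision, yet the added `// Try STARTTLS` comment does not say why it comes second, so a later cleanup could swap the entries back without anyone noticing. I would word it as `// Try STARTTLS second: the upgrade is negotiated in cleartext, so implicit TLS is preferred (RFC 8314).` The order is also only a preference: if the 465/993 attempt fails, configuration presumably moves on to the 587/143 entry, so the STARTTLS path still has to refuse to continue when the upgrade or certificate check fails; that code is not visible here. The `vec!` literal and its enclosing function begin and end outside the hunk.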
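Review bot: The new assertion pins the TLS-before-STARTTLS order only for `Protocol::Smtp`; the IMAP arm of the same `match self.protocol` (993 before 143) is not exercised, so a regression in that arm would still pass the suite. I would add a parallel case with `protocol: Protocol::Imap`, as sketched below, with the expected ports taken from the match arms in the second hunk of server_params.rs. The enclosing test function begins outside this hunk.

```rust
// … unchanged: SMTP ordering case …

// The same preference must hold for IMAP: implicit TLS (993) before STARTTLS (143).
let v = expand_param_vector(
    vec![ServerParams {
        protocol: Protocol::Imap,
        hostname: "example.net".to_string(),
        port: 0,
        socket: Socket::Automatic,
        username: "foobar".to_string(),
        strict_tls: Some(true),
    }],
    "foobar@example.net",
    "example.net",
);
assert_eq!(
    v,
    vec![
        ServerParams {
            protocol: Protocol::Imap,
            hostname: "example.net".to_string(),
            port: 993,
            socket: Socket::Ssl,
            username: "foobar".to_string(),
            strict_tls: Some(true)
        },
        ServerParams {
            protocol: Protocol::Imap,
            hostname: "example.net".to_string(),
            port: 143,
            socket: Socket::Starttls,
            username: "foobar".to_string(),
            strict_tls: Some(true)
        },
    ],
);
```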