Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-15961

SMTP support for TLS is forcing use of deprecated TLS 1.0

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.2.8-RC1
    • 3.2.5
    • Other
    • None
    • PHP 7.1.25, MySQL(i) 5.7.23, Chrome 71.0.3578.98

      As TLS 1.0 and SSL 3.0 have been deprecated and become officially unsupported (https://en.wikipedia.org/wiki/Transport_Layer_Security), phpBB users are encountering SMTP servers which no longer allow encryption to degrade to TLS 1.0 or lower.

      As diagnosed and identified by Dion (https://www.phpbb.com/community/viewtopic.php?f=556&t=2501356#p15194441), the use of STREAM_CRYPTO_METHOD_TLS_CLIENT in phpBB's SMTP client (includes/functions_messenger.php) is forcing phpBB to attempt negotiating a "TLS 1.0 or lower" encrypted connection.

      Against SMTP servers which no longer support encryption lower than TLS 1.1, this fails, and the phpBB has no recourse or configuration to avoid the issue other than to cease using SMTP support in phpBB.

      Dion's solution correctly substitutes STREAM_CRYPTO_METHOD_SSLv23_CLIENT on PHP versions equal or greater than 5.6.7.  For earlier PHP versions, we would continue to specify STREAM_CRYPTO_METHOD_TLS_CLIENT as we do today.

      As confirmed in the PHP documentation (http://php.net/manual/en/function.stream-socket-enable-crypto.php), in 5.6.7 and later the already-existing STREAM_CRYPTO_METHOD_SSLv23_CLIENT constant was changed to now mean "TLS 1.2 or less" ( STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT ).  Meaning it's a choice that does not "force" TLS 1.2 or 1.1 as the only allowed negotiation, but will allow negotiating a TLS version that is higher than 1.0.

      Dion's change also suppresses the starttls() function's actions if the SMTP server name was prefixed with a "tls://" or "ssl://" protocol specifier, which has therefore already been passed to the PHP stream_socket_client() function before we ever reach the starttls() helper in functions_messenger.php.

      Dion stated that a PHP warning is issued if we have asked PHP's stream_socket_client() to already establish encryption, and then we proceed with the "hard-coded" STARTTLS command over that same connection.  What I can also say is that at least in my PHP 7.1.25 environment, specifying "tls://" appears to attempt negotiating TLS 1.0, which fails the same as phpBB's current STREAM_CRYPTO_METHOD_TLS_CLIENT usage fails, when talking to a server which requires TLS 1.1 or greater.

      So this is also an issue and a necessary change in the starttls() function, although eventually it is going to benefit from a phpBB documentation and language-dependent description change to advise users NOT to employ the "ssl://" or "tls://" prefixes as they have in previous phpBB versions (unless they truly want to invoke their underlying PHP version's protocol handling instead of using STARTTLS).

      These changes should be integrated into phpBB as soon as possible (even if corresponding documentation or language-dependent chances cannot happen until later), since the security posture of deprecating TLS 1.0 usage is only increasing for SMTP service providers.

            Senky Senky [X] (Inactive)
            EA117 EA117
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: