This is an automated email from the ASF dual-hosted git repository.

vishesh pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.20 by this push:
     new 963a67b8167 server: add user.password.reset.smtp.useStartTLS and 
enabledSecurityProtocols for password reset (#11228)
963a67b8167 is described below

commit 963a67b81677fa85ef06dc7c6c2aaa165c85d9df
Author: Wei Zhou <[email protected]>
AuthorDate: Tue Oct 7 06:49:57 2025 +0200

    server: add user.password.reset.smtp.useStartTLS and 
enabledSecurityProtocols for password reset (#11228)
---
 .../org/apache/cloudstack/user/UserPasswordResetManager.java  | 11 +++++++++++
 .../apache/cloudstack/user/UserPasswordResetManagerImpl.java  |  6 ++++++
 2 files changed, 17 insertions(+)

diff --git 
a/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManager.java 
b/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManager.java
index a42faf2835a..929f11013b0 100644
--- 
a/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManager.java
+++ 
b/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManager.java
@@ -55,6 +55,17 @@ public interface UserPasswordResetManager {
             "Use auth in the SMTP server for sending emails for resetting 
password for ACS users",
             false, ConfigKey.Scope.Global);
 
+    ConfigKey<Boolean> UserPasswordResetSMTPUseStartTLS = new 
ConfigKey<>(ConfigKey.CATEGORY_ADVANCED,
+            Boolean.class, "user.password.reset.smtp.useStartTLS", "false",
+            "If set to true and if we enable security via 
user.password.reset.smtp.useAuth, this will enable StartTLS to secure the 
connection.",
+            true,
+            ConfigKey.Scope.Global);
+
+    ConfigKey<String> UserPasswordResetSMTPEnabledSecurityProtocols = new 
ConfigKey<String>(ConfigKey.CATEGORY_ADVANCED,
+            String.class, "user.password.reset.smtp.enabledSecurityProtocols", 
"",
+            "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". 
Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2",
+            true, ConfigKey.Kind.WhitespaceSeparatedListWithOptions, 
"SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2");
+
     ConfigKey<String> UserPasswordResetSMTPUsername = new 
ConfigKey<>(ConfigKey.CATEGORY_ADVANCED,
             String.class, "user.password.reset.smtp.username", null,
             "Username for SMTP server for sending emails for resetting 
password for ACS users",
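Review bot: The option list for `user.password.reset.smtp.enabledSecurityProtocols` stops at TLSv1.2, so TLSv1.3 cannot be selected, and the example in its description (`"TLSv1 TLSv1.1"`) points operators at versions deprecated by RFC 8996. I would change the example to `ex: \"TLSv1.2 TLSv1.3\"` and add `TLSv1.3` to the options string, provided the mail sender and JVM accept it (not visible in this hunk). If the legacy values must stay for compatibility, mark them as legacy in the description. `user.password.reset.smtp.useStartTLS` defaults to `"false"`, so with `useAuth` on, the SMTP credentials and the reset mail presumably travel unencrypted unless the operator opts in or the connection is protected some other way; the description should say that. The phrase "if we enable security via user.password.reset.smtp.useAuth" also conflates authentication with encryption; something like `"Enable STARTTLS to encrypt the SMTP connection used for password reset emails."` is clearer. The interface continues outside the hunk.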
diff --git 
a/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManagerImpl.java
 
b/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManagerImpl.java
index 6574489c827..798b6287e7e 100644
--- 
a/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManagerImpl.java
+++ 
b/server/src/main/java/org/apache/cloudstack/user/UserPasswordResetManagerImpl.java
@@ -93,6 +93,8 @@ public class UserPasswordResetManagerImpl extends ManagerBase 
implements UserPas
                 UserPasswordResetSMTPHost,
                 UserPasswordResetSMTPPort,
                 UserPasswordResetSMTPUseAuth,
+                UserPasswordResetSMTPUseStartTLS,
+                UserPasswordResetSMTPEnabledSecurityProtocols,
                 UserPasswordResetSMTPUsername,
                 UserPasswordResetSMTPPassword,
                 PasswordResetMailTemplate
@@ -106,6 +108,8 @@ public class UserPasswordResetManagerImpl extends 
ManagerBase implements UserPas
         Boolean useAuth = UserPasswordResetSMTPUseAuth.value();
         String username = UserPasswordResetSMTPUsername.value();
         String password = UserPasswordResetSMTPPassword.value();
+        Boolean useStartTLS = UserPasswordResetSMTPUseStartTLS.value();
+        String enabledSecurityProtocols = 
UserPasswordResetSMTPEnabledSecurityProtocols.value();
 
         if (!StringUtils.isEmpty(smtpHost) && smtpPort != null && smtpPort > 
0) {
             String namespace = "password.reset.smtp";
@@ -117,6 +121,8 @@ public class UserPasswordResetManagerImpl extends 
ManagerBase implements UserPas
             configs.put(getKey(namespace, SMTPMailSender.CONFIG_USE_AUTH), 
useAuth.toString());
             configs.put(getKey(namespace, SMTPMailSender.CONFIG_USERNAME), 
username);
             configs.put(getKey(namespace, SMTPMailSender.CONFIG_PASSWORD), 
password);
+            configs.put(getKey(namespace, SMTPMailSender.CONFIG_USE_STARTTLS), 
useStartTLS.toString());
+            configs.put(getKey(namespace, 
SMTPMailSender.CONFIG_ENABLED_SECURITY_PROTOCOLS), enabledSecurityProtocols);
 
             mailSender = new SMTPMailSender(configs, namespace);
         }
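Review bot: Nothing in this hunk makes STARTTLS mandatory, because the new `configs.put(getKey(namespace, SMTPMailSender.CONFIG_USE_STARTTLS), useStartTLS.toString())` only hands a boolean to SMTPMailSender. If that maps only to JavaMail's `mail.smtp.starttls.enable` (not visible here), a server or intermediary that does not advertise STARTTLS causes a silent fallback to cleartext for mail carrying password-reset tokens. Consider also setting `mail.smtp.starttls.required` when the flag is true, or stating the fallback in the key's description. Separately, `enabledSecurityProtocols` defaults to `""` and is put into the map unconditionally, so confirm SMTPMailSender reads an empty value as "use the JVM defaults" rather than as an empty protocol list. The enclosing method starts outside the hunk.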
