Re: [Django] #26759: TLSv1-only SMTP servers not supported under Django 1.9.7 / Python 3.4.4 (win32) / OpenSSL 1.0.2d

[Django]

#26759: TLSv1-only SMTP servers not supported under Django 1.9.7 / Python 3.4.4
(win32) / OpenSSL 1.0.2d
-+-
 Reporter:  RudolfCardinal   |Owner:  nobody
 Type:  Bug  |   Status:  closed
Component:  Core (Mail)  |  Version:  1.9
 Severity:  Normal   |   Resolution:  wontfix
 Keywords:  email SMTP TLS SSL   | Triage Stage:
  SSLEOFError TLSv1  |  Unreviewed
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  1|UI/UX:  0
-+-
Changes (by timgraham):

 * status:  new => closed
 * needs_better_patch:   => 0
 * resolution:   => wontfix
 * needs_tests:   => 0
 * needs_docs:   => 0


Comment:

 This is the first I've heard of the problem, so I can't say myself that
 supporting old protocols is critically important for Django core. Feel
 free to raise it on the DevelopersMailingList. If there's consensus there
 to make a change in Django, we can reopen the ticket.

--
Ticket URL: <https://code.djangoproject.com/ticket/26759#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/072.bf2e132e7196a513ee8bbc7523ece09f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #26759: TLSv1-only SMTP servers not supported under Django 1.9.7 / Python 3.4.4 (win32) / OpenSSL 1.0.2d

[Django]

#26759: TLSv1-only SMTP servers not supported under Django 1.9.7 / Python 3.4.4
(win32) / OpenSSL 1.0.2d
-+-
 Reporter:  RudolfCardinal   |  Owner:  nobody
 Type:  Bug  | Status:  new
Component:  Core (Mail)  |Version:  1.9
 Severity:  Normal   | Resolution:
 Keywords:  email SMTP TLS SSL SSLEOFError   |   Triage Stage:
  TLSv1  |  Unreviewed
Has patch:  1|  Easy pickings:  1
UI/UX:  0|
-+-
Changes (by RudolfCardinal):

 * Attachment "smtp_email_backend_tls1.py" added.

 New e-mail backend forcing TLSv1

--
Ticket URL: <https://code.djangoproject.com/ticket/26759>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/072.fa7c587d876e8c3d7aa336db1a517481%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

[Django] #26759: TLSv1-only SMTP servers not supported under Django 1.9.7 / Python 3.4.4 (win32) / OpenSSL 1.0.2d

[Django]

#26759: TLSv1-only SMTP servers not supported under Django 1.9.7 / Python 3.4.4
(win32) / OpenSSL 1.0.2d
-+-
 Reporter:   |  Owner:  nobody
  RudolfCardinal |
 Type:  Bug  | Status:  new
Component:  Core |Version:  1.9
  (Mail) |   Keywords:  email SMTP TLS SSL SSLEOFError
 Severity:  Normal   |  TLSv1
 Triage Stage:   |  Has patch:  1
  Unreviewed |
Easy pickings:  1|  UI/UX:  0
-+-
 Connecting to a Microsoft (E)SMTP mail server with the Django default
 e-mail backend (django.core.mail.backends.smtp.EmailBackend) and TLS can
 fail with the following error:

 ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:600)

 This appears to occur with some (more recent) versions of Python's
 smtplib, ssl (and underlying OpenSSL) with servers that only support
 TLSv1. There is no option in Django to force the TLS protocol version that
 I can see.

 The simplest illustration of failure is with:

 import smtplib
 s = smtplib.SMTP(host, port)  # port typically 587
 s.ehlo()
 s.starttls()  # fails with ssl.SSLEOFError as above

 which succeeds (with such servers) with a small modification to force
 TLSv1:

 import smtplib
 import ssl
 s = smtplib.SMTP(host, port)
 c = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
 s.ehlo()
 s.starttls(context=c)  # works

 There is a suggestion of a dependence on exact OpenSSL version in the docs
 at https://docs.python.org/3.4/library/ssl.html ("Which connections
 succeed will vary depending on the version of OpenSSL...").

 Therefore, a proposed framework alternative backend is one that enforces
 TLSv1 when required, e.g. as attached. This can be selected with Django's
 EMAIL_BACKEND setting, so can be added by users, but I'd have thought that
 continuing to support such servers is important for the Django core
 project as well.

 Test software: Django 1.9.7; Python 3.4.4 (win32) using OpenSSL 1.0.2d
 (from ssl.OPENSSL_VERSION). Test server: Microsoft SMTP Server id 8.3.83.0
 (from resulting e-mail headers).

--
Ticket URL: <https://code.djangoproject.com/ticket/26759>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/057.759361bb387bed8bf108185c56f91f24%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.