Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow users to turn off TLS verification or use their own certs #2785

Open
ChristophWurst opened this issue Mar 23, 2020 · 12 comments
Open

Allow users to turn off TLS verification or use their own certs #2785

ChristophWurst opened this issue Mar 23, 2020 · 12 comments

Comments

@ChristophWurst
Copy link
Member

ChristophWurst commented Mar 23, 2020

Feature Request

As of #2782 TLS host verification is enabled by default. Admins can only disable it system-wide. It would be nice to have a user setting to disable it per account, so you can still have other accounts verified.

Summary

Make it possible to disable TLS verification on a user/account based instead of system-wide.


Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

@beccon4
Copy link

beccon4 commented Mar 24, 2020

If you want to return to the old insecure behavior, set app.mail.verify-tls-peer to true in config.php.<<
No - we have to set it to 0 (or false?) to get Mail to work with self signed certificates.

@ChristophWurst
Copy link
Member Author

my bad. it should be set to false of course

@ChristophWurst ChristophWurst changed the title Allow users to turn off TLS verification Allow users to turn off TLS verification or use their own certs Mar 30, 2020
@TeroKeso

This comment has been minimized.

@ChristophWurst

This comment has been minimized.

@TeroKeso

This comment has been minimized.

@ChristophWurst

This comment has been minimized.

@TeroKeso

This comment has been minimized.

@ChristophWurst

This comment has been minimized.

@TeroKeso

This comment has been minimized.

@ChristophWurst

This comment has been minimized.

@TeroKeso

This comment has been minimized.

@Cybnate
Copy link

Cybnate commented May 3, 2020

Ensuring the PHP path for cert location is set correctly may also help to keep TLS on assuming you have a signed root certificate for your imap server:

php -r "print_r(openssl_get_cert_locations());"

By default this is different from the default location for root certificates in Ubuntu

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants