
Safe from STRIPTLS attacks?

Open salim-b opened this issue 6 years ago • 1 comment

Just a brief question: When using STARTTLS (the default) and the server signals that TLS is unavailable (which is what a MITM attacker mimics when performing the so-called STRIPTLS attack), is there either

  • a way to tell mailsend-go to abort the connection (and not transmit the credentials and message) (I didn't spot such a config option)

  • or does mailsend-go automatically abort the connection in this case?

(neither of the above would be bad, I guess...)

Update: Here's an instructive discussion on serverfault related to this topic.

salim-b avatar Oct 03 '19 10:10 salim-b

It uses golang's StartTLS implementation, so I suspect it will do the right thing. I didn't get a chance to test it however. If you have time, would you test and report it back? Thanks.

muquit avatar Oct 30 '19 03:10 muquit
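
The fail-closed behaviour asked about in this thread, as an added example that is not mailsend-go's code and not from either poster: a client built on Go's standard `net/smtp` checks `Client.Extension("STARTTLS")` and drops the connection before any AUTH or MAIL command when the EHLO reply omits it. The names `dialStrict`, `strippedServer`, `probeStripped`, the host `mx.example.test` and the server transcript are constructed for illustration.

```go
package main

import (
	"bufio"
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/smtp"
)

// dialStrict (hypothetical helper) upgrades conn to TLS or fails closed.
func dialStrict(conn net.Conn, host string) (*smtp.Client, error) {
	c, err := smtp.NewClient(conn, host)
	if err != nil {
		return nil, err
	}
	if ok, _ := c.Extension("STARTTLS"); !ok { // EHLO reply lacks STARTTLS
		c.Close()
		return nil, errors.New("STARTTLS not advertised; aborting before AUTH/MAIL")
	}
	if err := c.StartTLS(&tls.Config{ServerName: host, MinVersion: tls.VersionTLS12}); err != nil {
		c.Close()
		return nil, err
	}
	return c, nil
}

// strippedServer sends a constructed EHLO reply without STARTTLS and records what the client sends.
func strippedServer(conn net.Conn, seen chan<- []string) {
	var cmds []string
	fmt.Fprint(conn, "220 mx.example.test ESMTP\r\n")
	for sc := bufio.NewScanner(conn); sc.Scan(); {
		cmds = append(cmds, sc.Text())
		fmt.Fprint(conn, "250-mx.example.test\r\n250 AUTH PLAIN LOGIN\r\n")
	}
	conn.Close()
	seen <- cmds
}

// probeStripped runs dialStrict against strippedServer over an in-memory pipe.
func probeStripped() ([]string, error) {
	client, server := net.Pipe()
	seen := make(chan []string, 1)
	go strippedServer(server, seen)
	_, err := dialStrict(client, "mx.example.test")
	return <-seen, err
}

func main() { fmt.Println(probeStripped()) }
```

The recorded command list is the useful check when testing a real client the same way: anything after `EHLO` on a connection where STARTTLS was not offered means data left in cleartext.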