rails
rails copied to clipboard
Recommend mandatory STARTTLS for Google
Summary
The Action Mailer guide recommends using opportunistic TLS (enable_starttls_auto: true
) for connecting to smtp.google.com.
This setting is vulnerable to man-in-the-middle attacks. Google definitely supports STARTTLS, so this should be required using enable_starttls: true
.
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
@ghiculescu Is this one still good to be merged?
I think so, but it needs to be reviewed by someone from the core or committer teams. They will get to it, it can jus take a little while. Thank you for keeping it open.