rails icon indicating copy to clipboard operation
rails copied to clipboard

Published 20 hours ago verified publisher icon rails

Recommend mandatory STARTTLS for Google

Open c960657 opened this issue 2 years ago • 4 comments

Summary

The Action Mailer guide recommends using opportunistic TLS (enable_starttls_auto: true) for connecting to smtp.google.com.

This setting is vulnerable to man-in-the-middle attacks. Google definitely supports STARTTLS, so this should be required using enable_starttls: true.

c960657 avatar Nov 04 '21 19:11 c960657

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

rails-bot[bot] avatar Feb 02 '22 20:02 rails-bot[bot]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

rails-bot[bot] avatar May 03 '22 23:05 rails-bot[bot]

@ghiculescu Is this one still good to be merged?

gregmolnar avatar Aug 04 '22 12:08 gregmolnar

I think so, but it needs to be reviewed by someone from the core or committer teams. They will get to it, it can jus take a little while. Thank you for keeping it open.

ghiculescu avatar Aug 04 '22 13:08 ghiculescu