smtplib and TLS

Tim Williams listserver at tdw.net
Sat Jun 18 09:23:13 EDT 2005


----- Original Message ----- 
From: "Paul Rubin" "http://phr.cx"@NOSPAM.invalid


> "Matthias Kluwe" <mkluwe at gmail.com> writes:
> > Hmm. I tried
> >
> > server.sock.realsock.shutdown(2)
> > before server.quit() with the result of
>
> I don't think that's exactly what you want.  You need to send a
> specific TLS message BEFORE shutting down the socket, to tell the
> other end that the TLS connection is ending.  That tells the server
> that it shouldn't accept a TLS session resumption later.  The close
> notify message is required because if you don't send it, an attacker
> could truncate one of your TLS messages by cutting your connection.
>
> Basically the socket library's SSL implementation is pretty crude.
> You might try http://trevp.net/tlslite for a pure-Python
> implementation that's also still missing stuff, but is getting there.

I have found problems with the TLS built into smtplib when you are doing
something with sock elsewhere in your app.
E.g. for me, using [something].sock.settimeout(x) or setting the default
timeout anywhere broke TLS in smtplib.

Have you verified that it's your end that is broken, not gmail's? Do other
servers give the same response? The following servers accept incoming
TLS on port 25:

e32.co.us.ibm.com
mail.donkeyisland.com
smtp.myrealbox.com

And for quick tests you don't need to send an email (or authenticate), just
use a NOOP after STARTTLS (and perhaps a RSET) then QUIT, e.g.

import smtplib

server = smtplib.SMTP(hostname, port)  # port is optional and defaults to 25
server.set_debuglevel(1)
server.ehlo('x')
server.starttls()
server.ehlo('x')
server.noop()
server.rset()
server.quit()


Trevor's http://trevp.net/tlslite did the job nicely, solving my previous
TLS problems.

(completely untested)

from tlslite.api import *
server = SMTP_TLS('smtp.gmail.com', 587)
server.set_debuglevel(1)
server.ehlo()
settings = HandshakeSettings()
server.starttls(settings=settings)
server.ehlo()
server.login('mkluwe at gmail.com', password)
server.sendmail("mkluwe at gmail.com", toaddress, message)
server.quit()

HTH :)
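
A current-Python form of the NOOP/RSET quick test above, added here as an example and not code from the original post: it uses the standard-library smtplib with a verifying ssl context and stops, sending nothing further in the clear, when STARTTLS is not advertised. The names probe_starttls and plain_only_server, the helo value and the loopback stub server are constructed for illustration.

```python
import smtplib
import socket
import ssl
import threading


def probe_starttls(host, port=25, timeout=10.0, helo="localhost"):
    """EHLO, STARTTLS, EHLO, NOOP, RSET, QUIT; fail closed if TLS is unavailable."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as server:
        server.ehlo()
        if not server.has_extn("starttls"):
            # Not offered (or stripped in transit): only QUIT goes out after this.
            return {"tls": False, "version": None, "noop": None}
        server.starttls(context=ctx)    # raises ssl.SSLError on a bad certificate
        server.ehlo()                   # capabilities must be re-read inside TLS
        version = server.sock.version()
        noop_code, _ = server.noop()
        server.rset()
        return {"tls": True, "version": version, "noop": noop_code}


def plain_only_server(seen):
    """Constructed loopback SMTP stub that never offers STARTTLS; returns its port."""
    lsock = socket.create_server(("127.0.0.1", 0))
    port = lsock.getsockname()[1]

    def serve():
        conn, _ = lsock.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 stub ESMTP\r\n")
            f.flush()
            for line in f:
                verb = line.split()[0].upper().decode()
                seen.append(verb)       # record every verb the client sent
                f.write(b"221 bye\r\n" if verb == "QUIT" else b"250 stub\r\n")
                f.flush()
                if verb == "QUIT":
                    break
        lsock.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    seen = []
    print(probe_starttls("127.0.0.1", plain_only_server(seen)), seen)
```

Against a real host, call probe_starttls(hostname, 25) or probe_starttls(hostname, 587); a certificate that does not validate surfaces as an exception from starttls() rather than a silent downgrade.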
