3

I encountered the same problem mentioned here, and allowing insecure connections solved it, while nothing else did. Can you please inform me about what security issues I might face if I kept allowing these insecure connections?

Samer Massad
    Using an unverified SSL certificate is probably as safe as not using SSL at all, unless you personally know that it can be trusted (e.g. it's self signed). – apokryfos Oct 04 '16 at 07:59

3 Answers

10

I suggest this link:

PhpMailer not sending mails - TLS error?

If you have insecure connection troubles, add these lines:

$mail->SMTPOptions = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
);

It prevents certificate checking and so on.

FOP
1

TLS fulfils two roles: authenticating who you're connecting to, and protecting data in transit. Disabling verification drops the former, but data is still encrypted in transit in exactly the same way as with a verified cert, so it is still substantially better than having no encryption.

The most obvious problem with disabling verification is that you lose the ability to detect interception of your connection. It's very common for ISPs to have a firewall config that redirects outbound SMTP connections to their own mail servers without telling you. If you don't verify the certificate, your script will not notice that it's connected to the wrong server, and will continue and submit your credentials (which will probably fail, since it's the wrong server) - but you've just submitted your ID and password to a man-in-the-middle, and you can't tell if it's your ISP or someone else intercepting your connection.

Synchro
1

A better option if you're having these issues and you know the certificate name that it's being translated to... instead of disabling this checking, you can explicitly add what names are acceptable.

$mail->SMTPOptions = array(
    'ssl' => array(
        // Placeholder: replace with the certificate name you accept
        'peer_name' => '<acceptable peer name>'
    )
);

So looking at the referenced example which threw this error:

PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php

You could set *.mail.dreamhost.com as an allowed name.

CHeil402
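
As an added example (not code from any of the answers or from PHPMailer): the sketch below shows why the warning quoted in the last answer occurs, using a simplified model of the usual rule that a certificate wildcard covers exactly one leftmost label, and checks an SMTPOptions array for the settings that turn off server authentication. The function names certNameMatches and auditSmtpOptions are hypothetical, and the pinned configuration follows the peer_name suggestion from the last answer.

```php
<?php
// Added example, not PHPMailer or PHP internals; function names are hypothetical.
// Simplified model: does the name in the certificate cover the expected host name?
function certNameMatches(string $certName, string $expected): bool
{
    $certName = strtolower($certName);
    $expected = strtolower($expected);
    if ($certName === $expected) {
        return true;
    }
    // A wildcard is only honoured as the whole leftmost label ("*.example.org").
    if (strncmp($certName, '*.', 2) !== 0) {
        return false;
    }
    $suffix = substr($certName, 1); // everything after the "*", starting at the dot
    if (strlen($expected) <= strlen($suffix) || substr($expected, -strlen($suffix)) !== $suffix) {
        return false;
    }
    // The part covered by "*" must be exactly one label, so it may not contain a dot.
    return strpos(substr($expected, 0, -strlen($suffix)), '.') === false;
}

// Lists the SMTPOptions values that switch off authentication of the server.
function auditSmtpOptions(array $options): array
{
    $ssl = $options['ssl'] ?? [];
    $findings = [];
    if (($ssl['verify_peer'] ?? true) === false) {
        $findings[] = 'verify_peer disabled: the certificate chain is not checked';
    }
    if (($ssl['verify_peer_name'] ?? true) === false) {
        $findings[] = 'verify_peer_name disabled: any host name is accepted';
    }
    if (($ssl['allow_self_signed'] ?? false) === true) {
        $findings[] = 'allow_self_signed enabled: an unknown issuer is accepted';
    }
    return $findings;
}

$certCn   = '*.mail.dreamhost.com';              // certificate CN from the warning
$expected = 'mx1.sub4.homie.mail.dreamhost.com'; // expected CN from the warning
var_dump(certNameMatches($certCn, $expected));   // the "*" would have to span three labels

$weak   = ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true]];
$pinned = ['ssl' => ['verify_peer' => true, 'verify_peer_name' => true, 'allow_self_signed' => false,
                     'peer_name' => $certCn]];   // name pinned as the last answer suggests
print_r(auditSmtpOptions($weak));
print_r(auditSmtpOptions($pinned));
```

The pinned array keeps both verification switches on, so a redirected connection that presents some other certificate still fails before any credentials are sent.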