Closed
Description
Description
// https://github.com/symfony/mailer/blob/6.1/Transport/Smtp/EsmtpTransport.php#L136
if (!$stream->isTLS() && \defined('OPENSSL_VERSION_NUMBER') && \array_key_exists('STARTTLS', $this->capabilities)) {That line will be true only if server reports that it has STARTTLS support, but during a man-in-the-middle attack one could remove this capability and communication would happen in cleartext.
It would be great if there was an option to enforce STARTTLS 🙏
Example
No response