Python Forum
Email and TLS only, how ? - Printable Version

+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: Email and TLS only, how ? (/thread-39370.html)

Email and TLS only, how ? - SpongeB0B - Feb-06-2023

Hi everyone,

I'm currently digging how to send email trough Python with TLS (only)

So it's kind of heavy reading
https://docs.python.org/3/library/ssl.html
https://docs.python.org/3.11/library/email.examples.html

I created a small SMTP server trough hMailServer for testing purpose.

Firstly I got error because of my Self-signed certificate.
But I've found a workaround there https://stackoverflow.com/a/62982729

So I'm using something like this to test. (and it work)
import ssl
from smtplib import SMTP_SSL

context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.verify_mode = ssl.CERT_OPTIONAL 
context.check_hostname = False
context.load_verify_locations(cafile='/pathTOmyCERT')

context.minimum_version = ssl.TLSVersion.TLSv1_3
context.maximum_version = ssl.TLSVersion.TLSv1_3


try:

	with SMTP_SSL("localhost", port=465, context=context) as asmtp:
		print(str(asmtp.noop()))

except Exception as error:
	print(error)
But when I will pass it live, I plan to not allow self-signed certificate. So what could be the best to ensure the highest security level ?

It's weird because the documentation claim for create_default_context(): https://docs.python.org/3/library/ssl.html#ssl.create_default_context
create_default_context() Wrote:The settings are chosen by the ssl module, and usually represent a higher security level than when calling the SSLContext constructor directly.

is that so ?

Because if
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.minimum_version = ssl.TLSVersion.TLSv1_3
context.maximum_version = ssl.TLSVersion.TLSv1_3
Only Allow TLS 1.3 What could be the benefits of create_default_context() ? and how to use it to only allow TLS 1.3 ?

Thanks.

RE: Email and TLS only, how ? - SpongeB0B - Feb-06-2023 

context = ssl.create_default_context(ssl.PROTOCOL_TLS_CLIENT)
is not working :/