Email and TLS only, how ?

[SpongeB0B]

Hi everyone,

I'm currently digging how to send email trough Python with TLS (only)

So it's kind of heavy reading
https://docs.python.org/3/library/ssl.html
https://docs.python.org/3.11/library/ema...mples.html

I created a small SMTP server trough hMailServer for testing purpose.

Firstly I got error because of my Self-signed certificate.
But I've found a workaround there https://stackoverflow.com/a/62982729

So I'm using something like this to test. (and it work)

import ssl
from smtplib import SMTP_SSL

context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.verify_mode = ssl.CERT_OPTIONAL 
context.check_hostname = False
context.load_verify_locations(cafile='/pathTOmyCERT')

context.minimum_version = ssl.TLSVersion.TLSv1_3
context.maximum_version = ssl.TLSVersion.TLSv1_3


try:

	with SMTP_SSL("localhost", port=465, context=context) as asmtp:
		print(str(asmtp.noop()))

except Exception as error:
	print(error)

But when I will pass it live, I plan to not allow self-signed certificate. So what could be the best to ensure the highest security level ?

It's weird because the documentation claim for create_default_context(): https://docs.python.org/3/library/ssl.ht...lt_context

The settings are chosen by the ssl module, and usually represent a higher security level than when calling the SSLContext constructor directly.

is that so ?

Because if

context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.minimum_version = ssl.TLSVersion.TLSv1_3
context.maximum_version = ssl.TLSVersion.TLSv1_3

Only Allow TLS 1.3 What could be the benefits of create_default_context() ? and how to use it to only allow TLS 1.3 ?

Thanks.

[SpongeB0B]

context = ssl.create_default_context(ssl.PROTOCOL_TLS_CLIENT)

is not working :/