use Net::SMTPS for specifying ssl version v1

By Kiran on April 26, 2016 12:35 PM

I am migrating a couple of my domains from mandrill to sparkpost
Net::SMTP by default uses SSLv3 which is not allowed by many providers due to the poodle vulnerability . I had a problem with sparkpost API and had to use Net::SMTPS which is a wrapper for Net::SMTP and you can specify the SSL version.



#!/usr/bin/perl 

use strict;

use warnings;

use Net::SMTPS;

use Data::Dumper;

my $USERNAME = 'SMTP_Injection';

my $PASSWORD = '';

my $smtps = Net::SMTPS->new("smtp.sparkpostmail.com", Port => 587,  doSSL => 'starttls', SSL_version=>'TLSv1');

$smtps->auth ( $USERNAME, $PASSWORD ) or DIE("Could not authenticate with gmail.\n");

#$smtps->mail('');  

$smtps->mail('no-reply@tabletennismatch.com');

$smtps->to('hello@gmail.com');

    my $msg =

        "Subject: Test\r\n".

        'To: hello@yourdomain.com'."\r\nFrom: ".'no-reply@tabletennismatch.com'."\r\n\r\n Hello From the other side";



$smtps->data();

$smtps->datasend( $msg );

$smtps->dataend();

$smtps->quit;

1 comment

1 Comment

rjbs.manxome.org | May 14, 2016 6:36 PM | Reply

I think you should be able to use Net::SMTP (not SMTPS) and:

$smtp = Net::SMTP->new( ... SSL_version=> 'TLSv1', );

Inspection of the source of Net::SMTP v3.08 suggests this is correct. Is there a practical problem?

Name

Email Address

URL

Remember personal info?

Comments (You may use HTML tags for style)

About Kiran

I blog about Perl.

More info »

Kiran