N°2696 - Upgrade SwiftMailer to v5.4.12 (Allow explicit tls1.0, tls1.1, tls1.2 for startTLS)

composer.json

@@ -15,7 +15,7 @@
     "pear/archive_tar": "1.4.7",
     "pelago/emogrifier": "2.1.0",
     "scssphp/scssphp": "1.0.0",
-    "swiftmailer/swiftmailer": "5.4.9",
+    "swiftmailer/swiftmailer": "5.4.12",
     "symfony/console": "3.4.*",
     "symfony/dotenv": "3.4.*",
     "symfony/framework-bundle": "3.4.*",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "3e50fd37b5b556cc901aca65fedac985",
+    "content-hash": "fad30bc7d8ddf9c9cb9c70ab7c3ce385",
     "packages": [
         {
             "name": "combodo/tcpdf",
@@ -698,16 +698,16 @@
         },
         {
             "name": "swiftmailer/swiftmailer",
-            "version": "v5.4.9",
+            "version": "v5.4.12",
             "source": {
                 "type": "git",
                 "url": "https://github.com/swiftmailer/swiftmailer.git",
-                "reference": "7ffc1ea296ed14bf8260b6ef11b80208dbadba91"
+                "reference": "181b89f18a90f8925ef805f950d47a7190e9b950"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/7ffc1ea296ed14bf8260b6ef11b80208dbadba91",
-                "reference": "7ffc1ea296ed14bf8260b6ef11b80208dbadba91",
+                "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/181b89f18a90f8925ef805f950d47a7190e9b950",
+                "reference": "181b89f18a90f8925ef805f950d47a7190e9b950",
                 "shasum": ""
             },
             "require": {
@@ -748,7 +748,7 @@
                 "mail",
                 "mailer"
             ],
-            "time": "2018-01-23T07:37:21+00:00"
+            "time": "2018-07-31T09:26:32+00:00"
         },
         {
             "name": "symfony/cache",

lib/composer/installed.json

@@ -717,17 +717,17 @@
     },
     {
         "name": "swiftmailer/swiftmailer",
-        "version": "v5.4.9",
-        "version_normalized": "5.4.9.0",
+        "version": "v5.4.12",
+        "version_normalized": "5.4.12.0",
         "source": {
             "type": "git",
             "url": "https://github.com/swiftmailer/swiftmailer.git",
-            "reference": "7ffc1ea296ed14bf8260b6ef11b80208dbadba91"
+            "reference": "181b89f18a90f8925ef805f950d47a7190e9b950"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/7ffc1ea296ed14bf8260b6ef11b80208dbadba91",
-            "reference": "7ffc1ea296ed14bf8260b6ef11b80208dbadba91",
+            "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/181b89f18a90f8925ef805f950d47a7190e9b950",
+            "reference": "181b89f18a90f8925ef805f950d47a7190e9b950",
             "shasum": ""
         },
         "require": {
@@ -737,7 +737,7 @@
             "mockery/mockery": "~0.9.1",
             "symfony/phpunit-bridge": "~3.2"
         },
-        "time": "2018-01-23T07:37:21+00:00",
+        "time": "2018-07-31T09:26:32+00:00",
         "type": "library",
         "extra": {
             "branch-alias": {

lib/swiftmailer/swiftmailer/CHANGES

@@ -1,6 +1,21 @@
 Changelog
 =========
 
+5.4.12 (2018-07-31)
+-------------------
+
+ * fixed typo
+
+5.4.11 (2018-07-31)
+-------------------
+
+ * fixed startTLS support for PHP 5.6-
+
+5.4.10 (2018-07-27)
+-------------------
+
+ * fixed startTLS only allowed tls1.0, now allowed: tls1.0, tls1.1, tls1.2
+
 5.4.9 (2018-01-23)
 ------------------
 

lib/swiftmailer/swiftmailer/VERSION

@@ -1 +1 @@
-Swift-5.4.9
+Swift-5.4.12

lib/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php

@@ -91,7 +91,16 @@ class Swift_Transport_StreamBuffer extends Swift_ByteStream_AbstractFilterableIn
 
     public function startTLS()
     {
-        return stream_socket_enable_crypto($this->_stream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+        // STREAM_CRYPTO_METHOD_TLS_CLIENT only allow tls1.0 connections (some php versions)
+        // To support modern tls we allow explicit tls1.0, tls1.1, tls1.2
+        // Ssl3 and older are not allowed because they are vulnerable
+        // @TODO make tls arguments configurable
+        $cryptoType = STREAM_CRYPTO_METHOD_TLS_CLIENT;
+        if (PHP_VERSION_ID >= 50600) {
+            $cryptoType = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+        }
+
+        return stream_socket_enable_crypto($this->_stream, true, $cryptoType);
     }
 
     /**