N°2696 - Upgrade SwiftMailer to v5.4.12 (Allow explicit tls1.0, tls1.1, tls1.2 for startTLS)

lib/swiftmailer/swiftmailer/CHANGES

@@ -1,6 +1,21 @@
 Changelog
 =========
 
+5.4.12 (2018-07-31)
+-------------------
+
+ * fixed typo
+
+5.4.11 (2018-07-31)
+-------------------
+
+ * fixed startTLS support for PHP 5.6-
+
+5.4.10 (2018-07-27)
+-------------------
+
+ * fixed startTLS only allowed tls1.0, now allowed: tls1.0, tls1.1, tls1.2
+
 5.4.9 (2018-01-23)
 ------------------
 

lib/swiftmailer/swiftmailer/VERSION

@@ -1 +1 @@
-Swift-5.4.9
+Swift-5.4.12

lib/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php

@@ -91,7 +91,16 @@ class Swift_Transport_StreamBuffer extends Swift_ByteStream_AbstractFilterableIn
 
     public function startTLS()
     {
-        return stream_socket_enable_crypto($this->_stream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+        // STREAM_CRYPTO_METHOD_TLS_CLIENT only allow tls1.0 connections (some php versions)
+        // To support modern tls we allow explicit tls1.0, tls1.1, tls1.2
+        // Ssl3 and older are not allowed because they are vulnerable
+        // @TODO make tls arguments configurable
+        $cryptoType = STREAM_CRYPTO_METHOD_TLS_CLIENT;
+        if (PHP_VERSION_ID >= 50600) {
+            $cryptoType = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+        }
+
+        return stream_socket_enable_crypto($this->_stream, true, $cryptoType);
     }
 
     /**