Foundry376/Mailspring
1
1
Fork 0
mirror of https://github.com/Foundry376/Mailspring.git synced 2024-09-22 08:16:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
Mailspring/packages
History
Christine Spang cfe2971c2e [*] Revamp SSL options (including user-facing) 
Summary:
Previously, the generic IMAP auth screen presented one security option to
users: "Require SSL". This was ambiguous and difficult to translate into
the correct security options behind the scenes, causing confusion and problems
connecting some accounts.

This patch does the following:
* Separates security settings for IMAP and SMTP, as these different protocols
  may also require different SSL/TLS settings

* Reworks the generic IMAP auth page to allow specifying security settings
  with higher fidelity. We looked at various different email apps and decided
  that the best solution to this problem was to allow more detailed
  specification of security settings and to ease the burden of more options
  by having sane defaults that work correctly in the majority of cases.
  This new screen allows users to pick from "SSL / TLS", "STARTTLS", or "none"
  for the security settings for a protocol, and also to instruct us that
  they're OK with us using known insecure SSL settings to connect to their
  server by checking a checkbox.

  We default to port 993 / SSL/TLS for IMAP and port 587 / STARTTLS for SMTP.
  These are the most common settings for providers these days and will work
  for most folks.

* Significantly tightens our default security. Now that we can allow folks to
  opt-in to bad security, by default we should protect folks as best we can.

* Removes some now-unnecessary jank like specifying the SSLv3 "cipher"
  in some custom SMTP configs. I don't think this was actually necessary
  as SSLv3 is a protocol and not a valid cipher, but these custom
  configs may have been necessary because of how the ssl_required flag was
  linked between IMAP and SMTP before (and thus to specify different
  settings for SMTP you'd have to override the SMTP config).

* Removes hard-coding of Gmail & Office365 settings in several
  locations. (This was a major headache while working on the patch.)

This depends on version 2.0.1 of imap-provider-settings, which has major
breaking changes from version 1.0. See commit for more info:
9851054f91

Among other things, I did a serious audit of the settings in this file and
"upgraded" a few servers which weren't using the SSL-enabled ports for their
provider to the secure ones. Hurray for nmap and openssl.

Test Plan: manual

Reviewers: evan, mark, juan, halla

Reviewed By: juan, halla

Differential Revision: https://phab.nylas.com/D4316
2017-04-05 17:49:43 -07:00
..
client-app [*] Revamp SSL options (including user-facing) 2017-04-05 17:49:43 -07:00
client-sync [client-sync] Fix syncWorker arg 2017-04-05 15:44:13 -07:00
isomorphic-core [*] Revamp SSL options (including user-facing) 2017-04-05 17:49:43 -07:00
README.md [*] Rename postinstall.js -> postinstall.es6 2017-02-21 15:55:08 -08:00

README.md

Monorepo Packages

Each folder here is designed to act as its own repository. For development convenience, they are all included here in one monorepo. This allows us to grep across multiple codebases, not use submodules, and keep a unified commit history.

We use Lerna to manage the monorepo and tie them all together with the main nylas-mail-all/scripts/postinstall.es6 script, which in turn, calls lerna bootstrap