Finding Out Which Encryption Protocol Our Cake Emailer Uses

Hi there,

Our website host has said that it will no longer support certain email encryption protocols. Here is the message:

"This is a last reminder that we will stop support for the outdated encryption protocols TLS 1.0 and 1.1 on 17 August 2021. After this date, you will no longer be able to send or receive email, when using an older operating system or client that doesn’t support TLS 1.2 or higher.

To avoid any interruptions, please remember to update your device, change your email settings, or start using a browser-based email solution such as Webmail."

Our Outlook is fine, as it is updated. But I am concerned about the Cake Emailer that sends email directly from our website. When a customer registers on our website, or places an order, the website sends an automatic email to them.

I am concerned that this will stop working after this new encryption protocol comes into force.

Can anyone help me check if the Cake Emailer version we are using will be compatible with the new protocol?

I understand that this is probably a bit of a stupid question, but our developer has gone AWOL, and this is something I’d like to be able to check before 17th August.

The website was originally built around 2016, if that is of any help.

Thanks so much for any help anyone can offer. I really appreciate it. Thanks!

Do you know what versions of CakePHP and PHP you are using?

And the configuration for the connection to the mail/SMTP server?

AFAIK, if it is using the default TLS options it should work, or if it doesn’t use TLS at all, you should not have any problem.

Hi there Raul, thanks so much for replying, I really appreciate the help.

I found a Version.txt file that said version number as follows: @since CakePHP™ v 0.2.9

The host says the PHP version is 7.4.

I’m not sure where to find details of the configuration to the mail/smtp server - I’ll keep looking though. I’m reluctant to do too much digging inside the files though, as I don’t really know what I’m doing, or indeed what I’m looking for!

I think it’s CakePHP v2.0.9 (or maybe 2.9.0?)

According to the docs, check if there is a file like app/Config/email.php (maybe your app is (in?) webroot/wwwroot/htdocs). If there is, check if there is tls anywhere and maybe change to true and test send an email from the website.

Also according to the docs: TLS was added in 2.3 (scroll up a little)

So my guess is that your site is NOT using TLS, but is fine because on mostly all hosts, communication between localhost is not required to be in TLS.

Hi Raul,

Again, thanks so much for your help!

Regarding the version number, I copied that directly from the “Version.txt” so I’m not sure what’s going on there. I admit, I thought it looked a bit strange too.

I looked inside the file manager and I found that file that you mentioned - app/config/email.php

TLS isn’t mentioned anywhere in the file itself, so I am assuming that we’re not using it.

I was in touch with the website host, and they are saying that the upgrade in the protocol should affect IMAP only, so not SMTP.

So would I be correct in assuming that because the Emailer uses SMTP, it won’t be affected by the change in protocol from TLS 1.0 to TLS 1.2?

Really appreciate you answering these questions, it’s so helpful and kind of you :+1:

Correct, all outgoing email is through SMTP or the mail function.

There are ways to use TLS with SMTP, but AFAIK on localhost it is mostly not enabled/required by default. It is only required for external connections (like an Outlook client).

Yes Raul, that’s what I’m hoping is the case!

I guess I’ll find out next Tuesday either way - as that is the day that the upgrade is scheduled to occur! I would just like to know for certain ahead of time, so if we do need to do anything, I could find a developer now, rather than racing around looking for one after the emails stop working!

As I mentioned before, the developer who built the site for us originally is regularly uncontactable, and we have struggled to find someone reliable to fill in for him. He’s a good developer, but he’s just often not around when you need him!

But please let me reiterate my appreciation for taking a look at this - it really is very kind of you.

Thanks!!

Just a quick hot take from me:

If you send unencrypted mails via SMTP or basic PHP mail then this TLS warning doesn’t affect you at all.

If you send encrypted mails via SMTP then you only need to check your SMTP server if it can support TLS 1.2 or higher (which it most likely should). SMTP Server address should be somewhere in the config with username and password.

What version of TLS is used is configured in the php.ini and openssl software installed on your hosting server operating system which you don’t need to worry about.

Hi there Kevin,

I really appreciate you chipping in - I will take any quick hot takes I can get!

I’m so grateful for the help I’ve received here.

I got an email from our host last night saying that as long as the website uses basic PHP mail or SMTP, it should be fine - which is precisely what you said too Kevin.

The host also said that as long as the SMTP is not used with “the SSL or TLS option”, we should be fine.

I have checked the email.php file that Raul mentioned above, and I can’t see any mention of SSL or TLS, so I’m really hoping that everything is ok.

I have included a copy of the file contents below (with the sensitive stuff removed) - if anyone can spot anything in there that might contradict my assumption that we’re ok, I would be sooo grateful if you can let me know!

Can’t thank you guys enough! :+1: :+1:

    <?php
    /**
     *
     *
     * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
     * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
     *
     * Licensed under The MIT License
     * For full copyright and license information, please see the LICENSE.txt
     * Redistributions of files must retain the above copyright notice.
     *
     * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
     * @link          http://cakephp.org CakePHP(tm) Project
     * @package       app.Config
     * @since         CakePHP(tm) v 2.0.0
     * @license       http://www.opensource.org/licenses/mit-license.php MIT License
     */

    /**
     * This is email configuration file.
     *
     * Use it to configure email transports of CakePHP.
     *
     * Email configuration class.
     * You can specify multiple configurations for production, development and testing.
     *
     * transport => The name of a supported transport; valid options are as follows:
     *  Mail  - Send using PHP mail function
     *  Smtp  - Send using SMTP
     *  Debug - Do not send the email, just return the result
     *
     * You can add custom transports (or override existing transports) by adding the
     * appropriate file to app/Network/Email. Transports should be named 'YourTransport.php',
     * where 'Your' is the name of the transport.
     *
     * from =>
     * The origin email. See CakeEmail::from() about the valid values
     *
     */
    class EmailConfig {

        public $test = array(
            'transport' => 'Debug',
            //'log' => true
        );

        public $default = array(
            'transport' => 'Mail',
            'from' => 'you@localhost',
            //'charset' => 'utf-8',
            //'headerCharset' => 'utf-8',
        );

        /*
        public $smtp = array(
            'transport' => 'Smtp',
            'from' => array('[. ]@[. ].co.uk' => '[. ]'),
            'host' => 'send.one.com',
            'port' => 465,
            'timeout' => 30,
            'username' => '[ ]@[ ] ',
            'password' => '[ ]',
            'client' => null,
            'log' => false,
            //'charset' => 'utf-8',
            //'headerCharset' => 'utf-8',
        );
        */

        public $smtp = array(
            'transport' => 'Smtp',
            'from' => array('[ ]@[ ] ' => '[ ]'),
            'host' => 'send.one.com',
            'port' => 465,
            'timeout' => 30,
            'username' => '[ ]@[ ]',
            'password' => '[ ]',
            'client' => null,
            'log' => false,
            //'charset' => 'utf-8',
            //'headerCharset' => 'utf-8',
        );

        public $fast = array(
            'from' => 'you@localhost',
            'sender' => null,
            'to' => null,
            'cc' => null,
            'bcc' => null,
            'replyTo' => null,
            'readReceipt' => null,
            'returnPath' => null,
            'messageId' => true,
            'subject' => null,
            'message' => null,
            'headers' => null,
            'viewRender' => null,
            'template' => false,
            'layout' => false,
            'viewVars' => null,
            'attachments' => null,
            'emailFormat' => null,
            'transport' => 'Smtp',
            'host' => 'localhost',
            'port' => 25,
            'timeout' => 30,
            'username' => 'user',
            'password' => '[. ]',
            'client' => null,
            'log' => true,
            //'charset' => 'utf-8',
            //'headerCharset' => 'utf-8',
        );
    }

I can’t tell for sure but in your $fast variable you define

    'transport'   => 'Smtp',
    'port'        => 25,

But in your $smtp variable you define

    'transport' => 'Smtp',
    'host'      => 'send.one.com',
    'port'      => 465,

25 is a port used for non-encrypted mails but 465 (and 587) usually is used for encrypted emails.

According to “How to access your One.com email account using IMAP” it supports encrypted mails, and according to “Why does one.com stop support for TLS 1.0/1.1? – Support | one.com” it also disabled TLS 1.0 and 1.1 support on 17. August

I guess one.com is your hoster so I don’t think you will have problems.

The other thing I just noticed is the fact, that you try to run an old CakePHP 2 app with PHP 7.4
Are you sure everything is going to work? Have you tried that in a local setup?
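
An added example (not part of the original posts and not CakePHP's own code): a small PHP script that classifies each profile from the posted email.php by whether the connection it opens would be encrypted. It assumes CakePHP 2 enables implicit SSL/TLS through an `ssl://` or `tls://` host prefix and STARTTLS through `'tls' => true`; `classifyProfile` and `auditProfiles` are hypothetical names.

```php
<?php
// Added example. Assumption: CakePHP 2 switches on implicit SSL/TLS via an
// "ssl://" or "tls://" prefix on 'host', and STARTTLS via 'tls' => true
// (the option added in 2.3). Anything else is treated as plaintext.

function classifyProfile(array $cfg): string
{
    $transport = strtolower($cfg['transport'] ?? 'mail');
    if ($transport !== 'smtp') {
        // Mail hands the message to the server's local mailer; Debug sends nothing.
        return "no SMTP connection from PHP ($transport transport)";
    }

    $host = strtolower($cfg['host'] ?? 'localhost');
    $port = (int)($cfg['port'] ?? 25);

    if (preg_match('#^(ssl|tls)://#', $host)) {
        return "implicit TLS to $host:$port";
    }
    if (!empty($cfg['tls'])) {
        return "STARTTLS to $host:$port";
    }

    // No TLS setting, but 465/587 are the ports usually used for encrypted mail.
    $note = in_array($port, [465, 587], true)
        ? ' (port is normally an encrypted one: confirm which profile the site really uses)'
        : '';
    return "plaintext SMTP to $host:$port" . $note;
}

function auditProfiles(array $profiles): array
{
    // array_map keeps the profile names as keys.
    return array_map('classifyProfile', $profiles);
}

// Constructed from the config posted above; credentials and 'from' omitted.
$profiles = [
    'test'    => ['transport' => 'Debug'],
    'default' => ['transport' => 'Mail'],
    'smtp'    => ['transport' => 'Smtp', 'host' => 'send.one.com', 'port' => 465],
    'fast'    => ['transport' => 'Smtp', 'host' => 'localhost', 'port' => 25],
];

foreach (auditProfiles($profiles) as $name => $verdict) {
    printf("%-8s %s\n", $name, $verdict);
}
```
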

Hi Kevin,

Thanks once again for your comments - you’re really helping me out.

This configuration is what we have been using for some time - it is what is in use right now on the website.

We have been using PHP 7.4 for quite a long period of time now, and we haven’t had problems. As I said above though, our developer isn’t someone we can really get a hold of easily, and I wouldn’t be surprised if we had some issues in there.

I’m going to have to spend the weekend trying to chase him down, because I’m just not confident that this is going to go smoothly next Tuesday!

Yes, you’re correct by the way, One.com is the host. I was a little frustrated that their technicians didn’t seem to be able to take a look at the code themselves to check - but perhaps that isn’t something they are able to do.

Thanks for your input though - it is really appreciated!