From fe22deb5d5e301ffad51be06000effcbbcd1d11c Mon Sep 17 00:00:00 2001
From: Jakub Senko <jakubsenko@gmail.com>
Date: Mon, 8 Apr 2019 14:36:26 +0200
Subject: [PATCH] [ticket/15961] Use newer TLS in SMTP

PHPBB3-15961
---
 phpBB/includes/functions_messenger.php | 12 +++++++++++-
 phpBB/language/en/acp/board.php        |  4 ++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php
index 4f0d40031d..f89637e286 100644
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -1582,6 +1582,14 @@ class smtp_class
 	*/
 	protected function starttls()
 	{
+		global $config;
+
+		// allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl://
+		if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0)
+		{
+			return true;
+		}
+
 		if (!function_exists('stream_socket_enable_crypto'))
 		{
 			return false;
@@ -1604,7 +1612,9 @@ class smtp_class
 
 		if (socket_set_blocking($this->socket, 1))
 		{
-			$result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+			// https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122
+			$crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+			$result = stream_socket_enable_crypto($this->socket, true, $crypto);
 			socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
 		}
 
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index eb53ac0370..2ce8fefd46 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -587,8 +587,8 @@ $lang = array_merge($lang, array(
 	'SMTP_POP_BEFORE_SMTP'			=> 'POP-BEFORE-SMTP',
 	'SMTP_PORT'						=> 'SMTP server port',
 	'SMTP_PORT_EXPLAIN'				=> 'Only change this if you know your SMTP server is on a different port.',
-	'SMTP_SERVER'					=> 'SMTP server address and protocol',
-	'SMTP_SERVER_EXPLAIN'			=> 'Note that you have to provide the protocol that your server uses. If you are using SSL, this has to be "ssl://your.mailserver.com"',
+	'SMTP_SERVER'					=> 'SMTP server address',
+	'SMTP_SERVER_EXPLAIN'			=> 'Note that you must not provide the protocol that your server uses (no <samp>ssl://</samp> or <samp>tsl://</samp> prefix).',
 	'SMTP_SETTINGS'					=> 'SMTP settings',
 	'SMTP_USERNAME'					=> 'SMTP username',
 	'SMTP_USERNAME_EXPLAIN'			=> 'Only enter a username if your SMTP server requires it.',