Bug 25355

Summary: allow to require "TLS/SSL only" for outgoing mails of your SMTPAppender
Product: Log4j - Now in Jira Reporter: Ralf Hauser <hauser>
Component: AppenderAssignee: log4j-dev <log4j-dev>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: P3    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: other   
Bug Depends on:    
Bug Blocks: 49563    
Attachments: Adds SMTPProtocol and SMTPPort properties to SMTPAppender

Description Ralf Hauser 2003-12-09 09:15:07 UTC
If my application sends out sensitive info about a severe/fatal application
state via log4j, I don't want eavesdropping attackers to learn about that!


see also Bug 24969  for an RFE re SMTP AUTH
Comment 1 Ralf Hauser 2005-04-25 17:47:54 UTC
Good news is that the current JavaMail API 1.3.2 Release now supports STARTTLS!

There remains one minor issue that for doing so, you most likely need to change
the trust-store for your entire JVM
(http://forum.java.sun.com/thread.jspa?threadID=615422).
Comment 2 Thorbjørn Ravn Andersen 2008-08-03 03:33:34 UTC
This would be good to have as Google Mail requires this to be used as a SMTP server.

Has anybody made this work yet?
Comment 3 Ralf Hauser 2008-08-06 05:21:50 UTC
bug 45053 might have some code relevant for this
Comment 4 Curt Arnold 2008-08-06 07:33:47 UTC
Clearing NEEDINFO.

Any code involving encryption must be reviewed for export issues prior to committing to the SVN.  Any code on this issue should be attached as a patch first and reviewed by the PMC before committing.   See http://www.apache.org/dev/crypto.html.
Comment 5 Curt Arnold 2008-10-08 15:24:41 UTC
Created attachment 22697 [details]
Adds SMTPProtocol and SMTPPort properties to SMTPAppender

Set SMTPProtocol to smtps to use SMTP+SSL.
Comment 6 Curt Arnold 2008-10-09 14:14:03 UTC
After soliciting comments from legal-discuss, committed patch in rev 703261.