oss-sec mailing list archives

Python standard library defaults to insecure TLS for mail protocols


From: Hanno Böck <hanno () hboeck de>
Date: Thu, 1 Feb 2024 12:31:00 +0100

Hello,

By default, the mail protocol functions in Python's standard library do
not validate certificates for TLS connections. The API is surprising
and unintuitive. This is not a new issue, but I was surprised to learn
about it. Therefore, I'm sharing it here so more people know.

Python provides functionality for the standard email protocols in its
standard library. One can create a connection to an IMAP host like this:
c = imaplib.IMAP4_SSL(host="example.com")

Similar functions exist for pop3 and smtp. This code is insecure and
vulnerable to man-in-the-middle attacks, as certificates are not
checked.

The secure version looks like this:
c = imaplib.IMAP4_SSL(host="example.com",
                      ssl_context=ssl.create_default_context())
(The parameter is sometimes called "ssl_context" and sometimes
"context", depending on the protocol.)

In my view this is not just an insecure default, but also very
counterintuitive. Nothing about
"ssl_context=ssl.create_default_context()" implies that this is about
certificate checking. Furthermore, it is surprising and
counterintuitive that you need a "default context" to enable something
and that the "default context" is not the default.

This is documented behavior [1].

There exists a discussion in the Python issue tracker [2] since April
2022. According to that, the same issue exists for NNTP and FTP
functionality. It was discussed to change the default, but it hasn't
happened yet.

Python already had a previous discussion about enabling certificate
validation by default in the standard library, but it was only done for
HTTPS connections [3]. The PEP document says that this should be
reviewed in the future for other protocols.

The company Pentagrid has reached out to a large number of open source
projects impacted by this, and wrote a blogpost [4].

Also relevant is RFC 8314, which contains guidelines for TLS
connections in email protocols [5]. ("MUAs MUST validate TLS server
certificates [...]") It targets client software, but I believe it is
reasonable to apply the same standards to client APIs.


[1] https://docs.python.org/3/library/ssl.html#ssl-security
[2] https://github.com/python/cpython/issues/91826
[3] https://peps.python.org/pep-0476/
[4] https://www.pentagrid.ch/en/blog/python-mail-libraries-certificate-verification/
[5] https://datatracker.ietf.org/doc/html/rfc8314

-- 
Hanno Böck
https://hboeck.de/

