oss-sec mailing list archives
Python standard library defaults to insecure TLS for mail protocols
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 1 Feb 2024 12:31:00 +0100
Hello,

By default, the mail protocol functions in Python's standard library do not validate certificates for TLS connections. The API is surprising and unintuitive. This is not a new issue, but I was surprised to learn about it. Therefore, I'm sharing it here so more people know.

Python provides functionality for the standard email protocols in its standard library. One can create a connection to an IMAP host like this:

  c = imaplib.IMAP4_SSL(host="example.com")

Similar functions exist for POP3 and SMTP. This code is insecure and vulnerable to man-in-the-middle attacks, as certificates are not checked. The secure version looks like this:

  c = imaplib.IMAP4_SSL(host="example.com", ssl_context=ssl.create_default_context())

(The parameter is sometimes called "ssl_context" and sometimes "context", depending on the protocol.)

In my view this is not just an insecure default, but also very counterintuitive. Nothing about "ssl_context=ssl.create_default_context()" implies that this is about certificate checking. Furthermore, it is surprising and counterintuitive that you need a "default context" to enable something and that the "default context" is not the default.

This is documented behavior [1]. There exists a discussion in the Python issue tracker [2] since April 2022. According to that, the same issue exists for NNTP and FTP functionality. It was discussed to change the default, but it hasn't happened yet.

Python already had a previous discussion about enabling certificate validation by default in the standard library, but it was only done for HTTPS connections [3]. The PEP document says that this should be reviewed in the future for other protocols.

The company Pentagrid has reached out to a large number of open source projects impacted by this, and wrote a blog post [4].

Also relevant is RFC 8314, which contains guidelines for TLS connections in email protocols [5] ("MUAs MUST validate TLS server certificates [...]"). It targets client software, but I believe it is reasonable to apply the same standards to client APIs.

[1] https://docs.python.org/3/library/ssl.html#ssl-security
[2] https://github.com/python/cpython/issues/91826
[3] https://peps.python.org/pep-0476/
[4] https://www.pentagrid.ch/en/blog/python-mail-libraries-certificate-verification/
[5] https://datatracker.ietf.org/doc/html/rfc8314

-- 
Hanno Böck
https://hboeck.de/
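The following is an added example, not code from the post or from CPython: a small wrapper that always hands imaplib, poplib and smtplib a verifying SSLContext under the keyword each class expects, and a check that refuses any context whose verify_mode or check_hostname would leave the connection open to the man-in-the-middle attack described above. The TLS 1.2 floor and the placeholder host are my own choices.

```python
import imaplib
import poplib
import smtplib
import ssl
from typing import Dict, Optional

# Keyword each stdlib mail class uses for its SSLContext: imaplib says
# "ssl_context", poplib and smtplib say "context" (the inconsistency the post notes).
CONTEXT_KWARG = {
    "imap": ("ssl_context", imaplib.IMAP4_SSL),
    "pop3": ("context", poplib.POP3_SSL),
    "smtp": ("context", smtplib.SMTP_SSL),
}

def verified_mail_context() -> ssl.SSLContext:
    """Client context that validates the chain against the system trust store and checks the hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # added floor; RFC 8314 favours current TLS versions
    return ctx

def context_verifies(ctx: ssl.SSLContext) -> bool:
    """True only if the context enforces both chain validation and hostname checking."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)

def unverified_context_for_comparison() -> ssl.SSLContext:
    """Constructed to mirror the no-validation behaviour the post describes; for the check below only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def mail_client_kwargs(protocol: str, ctx: Optional[ssl.SSLContext] = None) -> Dict[str, ssl.SSLContext]:
    """Keyword argument that passes a verifying context to the right class, rejecting weak contexts."""
    if ctx is None:
        ctx = verified_mail_context()
    if not context_verifies(ctx):
        raise ValueError("refusing an SSLContext that does not validate certificates")
    kwarg, _ = CONTEXT_KWARG[protocol]
    return {kwarg: ctx}

def connect_mail(protocol: str, host: str, port: Optional[int] = None, timeout: float = 10.0):
    """Open an IMAPS/POP3S/SMTPS connection; a bad certificate raises ssl.SSLCertVerificationError."""
    _, cls = CONTEXT_KWARG[protocol]
    kwargs = dict(mail_client_kwargs(protocol))
    if port is not None:
        kwargs["port"] = port
    return cls(host, timeout=timeout, **kwargs)

if __name__ == "__main__":
    conn = connect_mail("imap", "mail.example.invalid")  # placeholder host, replace to exercise
    conn.logout()
```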