Skip to main content

Enable SMTP SSL Unsecure Connections on Newsletter Plugin

By April 1, 2016April 14th, 2016No Comments

Hello everybody!

Since PHP 5.6 SSL  (for the non tech-savvy that mean “secure connection between two servers”) connections are forcibly verified. What does this mean? Simple enough: the connection is not only ciphered but the two communicating servers can “validate” each other to determine if they’re who they’re claiming to be. For example, a secure connection to server not only should grant the exchanged data won’t be read by a third party but even that no others than us can state “I’m” while they’re not. You may be more comfortable with the HTTPS acronym, it’s (almost) the same concept.

The real problem comes up when people use SSL between their own servers without real SSL certificates to determine the peer identities. Connections are perfectly safe but PHP has no way to ensure it. And it refuses to connect. The same problem raises with connection between Newsletter plugin and SMTP servers when using SSL protocol without real certificates (often because the SMTP server is home-made without a real SSL certificate – the so called self-signed certificate).

To solve this “SSL connection fail” there is an option on Newsletter SMTP settings to bypass those checks by PHP on the peers identities when the blog owner is actually sure of them.

Tech details can be found in this page by the PHPMailer library author, which is used by WordPress.

This option is only used by Newsletter and it does not affect in any way any other plugins which use the WordPress PHPMailer library or WordPress itself.