shmoo

Reputation: 11

What data must be sent after sending a STARTTLS command to an email server

I am writing an email client in C++ using the Winsock2 API to send emails via SMTP from a Gmail account. I am not using any other third party libraries.

I have connected to the Gmail server on port 587 (for TLS) and sent the basic EHLO and STARTTLS commands, but my question is this: what data should I specifically send after I have sent the STARTTLS command?

This is the server output for clarity:


Obviously the TLS handshake goes after the STARTTLS command, but what are the first and subsequent pieces of data that must be sent during the TLS handshake? From what I've read it should be binary data exchanging security certificates etc., but I could not find specifically what data should be sent first.

I have searched numerous similar questions to this but I haven't found an answer that has said the specific data that must be sent after STARTTLS. I am aware of the existence of OpenSSL and I am not going to accept any answers telling me to install it instead.

Upvotes: 1

Views: 2072

Answers (1)

Remy Lebeau

Reputation: 597051

The semantics and processing rules of the SMTP STARTTLS command are documented in RFC 3207.

After you have received a successful 220 response to the STARTTLS command, you must then begin a TLS handshake to establish encryption with which to encrypt/decrypt subsequent SMTP commands/responses. Upon completion of the handshake, the SMTP state is reset, so you must issue a new (now encrypted) EHLO command, and then proceed with your remaining (encrypted) SMTP commands as needed.

MSDN documents a high-level overview of the Transport Layer Security Protocol, with step-by-step instructions for the TLS Handshake Protocol. The specific details of each step are documented in Section 7 of RFC 2246 (TLS 1.0), RFC 4346 (TLS 1.1), and RFC 5246 (TLS 1.2).

So, unless you are planning on implementing TLS from scratch (please don't!!), you need to use a third-party library, such as OpenSSL, or you can use Microsoft's Secure Channel API, to handle the TLS handshake and subsequent encryption for you.

Upvotes: 3
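As an added example (not code from the question or the answer), here is the client side of the RFC 3207 sequence the answer describes, written in Python as a state machine driven by server replies: EHLO, STARTTLS once it is advertised, hand-off to a TLS library on the 220, then a fresh EHLO over the encrypted channel. The hostname client.example and the server transcript are constructed for the example.

```python
from dataclasses import dataclass, field
CLIENT_NAME = "client.example"  # placeholder EHLO argument, assumed for this example

@dataclass
class StartTlsClient:
    state: str = "greeting"  # greeting -> ehlo -> starttls -> handshake -> ehlo_tls -> ready
    extensions: set = field(default_factory=set)
    def on_reply(self, reply: str) -> str:
        """Consume one full server reply; return the next client line or a pseudo-action."""
        lines = reply.rstrip("\r\n").split("\r\n")
        code = lines[-1][:3]  # final line of a multi-line reply reads "250 " rather than "250-"
        if self.state == "greeting" and code == "220":
            self.state = "ehlo"
            return f"EHLO {CLIENT_NAME}\r\n"
        if self.state in ("ehlo", "ehlo_tls") and code == "250":
            # extension keywords follow the 4-character prefix on every line after the first
            self.extensions = {ln[4:].split()[0].upper() for ln in lines[1:] if ln[4:].strip()}
            if self.state == "ehlo_tls":
                self.state = "ready"
                return "ready"  # encrypted session established; AUTH/MAIL FROM may follow
            if "STARTTLS" in self.extensions:
                self.state = "starttls"
                return "STARTTLS\r\n"
            return "quit"  # TLS not offered: stop rather than send credentials in cleartext
        if self.state == "starttls" and code == "220":
            self.state = "handshake"
            return "tls_handshake"  # hand the raw socket to the TLS library at this point
        return "quit"  # e.g. "454 TLS not available due to temporary reason", or any other failure

    def on_handshake_done(self) -> str:  # called when the TLS library reports success
        self.extensions = set()  # RFC 3207 4.2: discard everything learned before TLS
        self.state = "ehlo_tls"
        return f"EHLO {CLIENT_NAME}\r\n"  # the SMTP session restarted; this EHLO is encrypted

def run_transcript(server_replies):  # drive the client with server replies; return (actions, client)
    client, actions = StartTlsClient(), []
    for reply in server_replies:
        actions.append(client.on_reply(reply))
        if actions[-1] == "tls_handshake":
            actions.append(client.on_handshake_done())
        elif actions[-1] in ("quit", "ready"):
            break
    return actions, client

HAPPY_PATH = [  # constructed transcript of a typical port-587 session, not real server output
    "220 smtp.example ESMTP ready\r\n",
    "250-smtp.example\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 SMTPUTF8\r\n",
    "220 2.0.0 Ready to start TLS\r\n",
    "250-smtp.example\r\n250-AUTH LOGIN PLAIN\r\n250 SMTPUTF8\r\n"]
```

Everything between the "tls_handshake" action and on_handshake_done() is the binary TLS record exchange the question asks about, which belongs to the TLS library (OpenSSL or Schannel), not to SMTP code.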
