diff --git a/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml b/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
index bc905306a329703da5b4cb76bebb2965cd69951c..1c02393713384ef30d6423c55b31af3761b6ae3d 100644
--- a/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
+++ b/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
@@ -570,7 +570,7 @@ MAIL:
description: '<em>only with transport=smtp</em>: <server:port> of mailserver to connect to. <port> defaults to "25".'
transport_smtp_encrypt:
type: bool
- description: '<em>only with transport=smtp</em>: Connect to the server using a secured transport protocol.'
+ description: '<em>only with transport=smtp</em>: Connect to the server using SSL/TLS (disables STARTTLS which is used by default if supported by the server). Must not be enabled when connecting to port 587, as servers will use STARTTLS (inner encryption) via SMTP instead of SMTPS.'
transport_smtp_username:
type: text
description: '<em>only with transport=smtp</em>: If your SMTP server requires authentication, enter your username here.'
diff --git a/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-91070-SMTPTransportOptionTransport_smtp_encryptChangedToBoolean.rst b/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-91070-SMTPTransportOptionTransport_smtp_encryptChangedToBoolean.rst
new file mode 100644
index 0000000000000000000000000000000000000000..3a9273fa659cf684469f9645f044f51b26403556
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/10.4.x/Important-91070-SMTPTransportOptionTransport_smtp_encryptChangedToBoolean.rst
@@ -0,0 +1,29 @@
+.. include:: ../../Includes.txt
+
+=====================================================================================
+Important: #91070 - SMTP transport option 'transport_smtp_encrypt' changed to boolean
+=====================================================================================
+
+See :issue:`91070`
+
+Description
+===========
+
+With https://forge.typo3.org/issues/90295 the allowed value for
+:php:`$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_smtp_encrypt']` has been
+changed to a boolean value.
+
+symfony/mailer does no longer allow to specify the `STARTTLS` usage, as it will
+be used by default (if the server provides the needed support).
+
+Therefore, the SMTP encryption configuration setting
+:php:`$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_smtp_encrypt']` is
+automatically updated by the install tool's silent configuration upgrade.
+
+The configuration value `(string)tls` is removed to reflect that symfony/mailer
+expects `(bool)false` for `STARTTLS`. Other values like `(string)ssl` are
+converted too `(bool)true`.
+
+No migration is needed at all, as no deprecation is thrown.
+
+.. index:: LocalConfiguration, ext:core
diff --git a/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php b/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
index 3e51c11a092b74b7d93abc1dccb5b0e263e12006..5f076055f15855c0ec63f776c10a973bc1f8e981 100644
--- a/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
+++ b/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
@@ -189,6 +189,7 @@ class SilentConfigurationUpgradeService
$this->migrateSaltedPasswordsSettings();
$this->migrateCachingFrameworkCaches();
$this->migrateMailSettingsToSendmail();
+ $this->migrateMailSmtpEncryptSetting();
// Should run at the end to prevent obsolete settings are removed before migration
$this->removeObsoleteLocalConfigurationSettings();
@@ -1095,7 +1096,7 @@ class SilentConfigurationUpgradeService
{
$confManager = $this->configurationManager;
try {
- $transport = (array)$confManager->getLocalConfigurationValueByPath('MAIL/transport');
+ $transport = $confManager->getLocalConfigurationValueByPath('MAIL/transport');
if ($transport === 'mail') {
$confManager->setLocalConfigurationValueByPath('MAIL/transport', 'sendmail');
$confManager->setLocalConfigurationValueByPath('MAIL/transport_sendmail_command', (string)@ini_get('sendmail_path'));
@@ -1105,4 +1106,38 @@ class SilentConfigurationUpgradeService
// no change inside the LocalConfiguration.php found, so nothing needs to be modified
}
}
+
+ /**
+ * Migrates MAIL/transport_smtp_encrypt to a boolean value
+ * See #91070, #90295, #88643 and https://github.com/symfony/symfony/commit/5b8c4676d059
+ */
+ protected function migrateMailSmtpEncryptSetting()
+ {
+ $confManager = $this->configurationManager;
+ try {
+ $transport = $confManager->getLocalConfigurationValueByPath('MAIL/transport');
+ if ($transport === 'smtp') {
+ $encrypt = $confManager->getLocalConfigurationValueByPath('MAIL/transport_smtp_encrypt');
+ if (is_string($encrypt)) {
+ // SwiftMailer used 'tls' as identifier to connect with STARTTLS via SMTP (as usually used with port 587).
+ // See https://github.com/swiftmailer/swiftmailer/blob/v5.4.10/lib/classes/Swift/Transport/EsmtpTransport.php#L144
+ if ($encrypt === 'tls') {
+ // With TYPO3 v10 the MAIL/transport_smtp_encrypt option is passed as constructor parameter $tls to
+ // Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport
+ // $tls = true instructs to start a SMTPS connection – that means SSL/TLS via SMTPS, not STARTTLS via SMTP.
+ // That means symfony/mailer will use STARTTLS when $tls = false or ($tls = null with port != 465) is passed.
+ // Actually symfony/mailer will use STARTTLS by default now.
+ // Due to the misleading name (transport_smtp_encrypt) we avoid to set the option to false, but rather remove it.
+ // Note: symfony/mailer provides no way to enforce STARTTLS usage, see https://github.com/symfony/symfony/commit/5b8c4676d059
+ $confManager->removeLocalConfigurationKeysByPath(['MAIL/transport_smtp_encrypt']);
+ } else {
+ $confManager->setLocalConfigurationValueByPath('MAIL/transport_smtp_encrypt', true);
+ }
+ $this->throwConfigurationChangedException();
+ }
+ }
+ } catch (MissingArrayPathException $e) {
+ // no change inside the LocalConfiguration.php found, so nothing needs to be modified
+ }
+ }
}