Description
This issue has been migrated from #15126.
I've run into a lot of confused admins recently, because the way we configure TLS for our e-mail sending is awful.
- require_transport_security: true enables Explicit TLS (STARTTLS).
  - at least 'require' accurately describes that we expect the server to offer a capability and require it to be there.
- force_tls: true enables Implicit TLS.
  - force is such a weird word to describe Implicit TLS.
I'd much rather see us adopt a single config option, tls_mode, with the following options:
- explicit or starttls — chosen by default if the port is 587 or 25.
- implicit — chosen by default if the port is 465.
- off — never chosen by default.
- for other port numbers: require the admin to choose
In the best and most reasonable case, the admin would never need to touch this option(!) because basically everyone uses these standard ports!!!
A little bit of effort would be required to support the old options transitionally, but the documentation for this option could be much clearer — such as providing a table for admins that really need to configure e-mail on a random port (rather than having options with no obvious difference discernible from the name, even to e-mail experts). And most people would fall right into the 'well-known port? Automatic configuration' happy path!
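
The resolution rules proposed above, sketched in Python as an added example (not code from the project or from the issue author). The function name, the ConfigError class, the rule that only a true legacy option selects a mode, and treating both legacy options set together as a conflict are assumptions.

```python
# Added illustration of the proposed tls_mode resolution (not the project's code).
from typing import Optional, Union

PORT_DEFAULTS = {25: "explicit", 587: "explicit", 465: "implicit"}  # from the proposal
ALIASES = {"starttls": "explicit"}
MODES = ("explicit", "implicit", "off")


class ConfigError(ValueError):
    """The e-mail TLS settings are invalid, conflicting or ambiguous."""


def resolve_tls_mode(
    port: int,
    tls_mode: Union[str, bool, None] = None,
    require_transport_security: Optional[bool] = None,
    force_tls: Optional[bool] = None,
) -> str:
    """Return 'explicit', 'implicit' or 'off' for one SMTP configuration."""
    legacy = {"require_transport_security": require_transport_security,
              "force_tls": force_tls}
    if tls_mode is not None:
        used = sorted(k for k, v in legacy.items() if v is not None)
        if used:
            raise ConfigError(f"tls_mode cannot be combined with {used}")
        # YAML 1.1 loaders (e.g. PyYAML) parse an unquoted `off` as False.
        if tls_mode is False:
            return "off"
        mode = str(tls_mode).strip().lower()
        mode = ALIASES.get(mode, mode)
        if mode not in MODES:
            raise ConfigError(f"unknown tls_mode {tls_mode!r}")
        return mode
    # Transitional mapping of the old options (assumed: only True selects a mode).
    if force_tls and require_transport_security:
        raise ConfigError("force_tls and require_transport_security conflict")
    if force_tls:
        return "implicit"
    if require_transport_security:
        return "explicit"
    if port in PORT_DEFAULTS:
        return PORT_DEFAULTS[port]
    # Fail closed: never guess (and never pick 'off') on a non-standard port.
    raise ConfigError(f"port {port} has no default; set tls_mode explicitly")
```

An unquoted off in YAML reaches the function as the boolean False, which is why that value is accepted; a non-standard port with no mode set is rejected rather than silently sending mail in cleartext.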