Display the SSL/STARTTLS cypher, protocol etc
Given that we just had a SSLv3 issue, I think it would be helpful if each mail can display the SSL/STARTTLS status, cypher, protocol etc with which the mail was sent. Google mail does this for example in the received lines (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128). Maybe something like this could be displayed as additional data for each mail.
We show emails “as is” and modification of user emails can influence on debugging process of our customers. To get info about SSL/STARTTLS you can by openssl application:
openssl s_client -starttls smtp -connect mailtrap.io:2525 -tls1 -crlf
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
We'd also like to see the authentication method, if any, that was used to transport the email to mailtrap. In particular, we want to ensure that our configuration is correct and that mailtrap did indeed receive the email using SSL/TSL.
Alexander Lehmann commented
Yes I know, I was considering the possibility to verify that a client chooses the correct cypther, I am not so much concerned with the server in this case.
I could do the same with the fakesmtp open source server, but that doesn't support tls currently :-(