Mbed TLS is now part of TrustedFirmware.org.

Using mbedTLS to send non encrypted emails

Aug 11, 2017 14:50
Sutton Mehaffey

Is there a way to configure mbedTLS to send emails to secure ports (like 465), but not use any encryption to speak of? Or, the minimum amount to make it work? Is there a bare minimum config.h configuration to make this work? I have my own TCP stack, and have had unsecured emails working perfectly for years (port 25), but am looking to use SSL/TLS to send email in some minimum capacity setup, but I haven't been successful yet. I'm having problems using pieces of the library, because it is so intertwined. Maybe, there is a way. I just haven't figured it out yet.


Aug 13, 2017 08:22
Ron Eldor

Hi Sutton,
using TLS means, using a secure connection, which defines the communication to be encrypted.
You should configure config.h to be have as minimal configurations as possible, per your requirements.
It is very much dependent if you plan to connect only to one smtp server, or several servers, since each server may have it's own cipher suite requirements.
Please look at some configuration file examples in the mbed TLS repository which could lead you to the direction of minimizing your configuration file per your needs
I would start by opting out all the features you do not need, and use only your supported cipher suite, and then adding all prerequisites of your definitions.
mbed TLS Team Member

Aug 14, 2017 14:38
Sutton Mehaffey


Thanks. I have reviewed those config.h settings and I have adjusted my file a little, as I didn't have many options set anyway. I'm only using one cipher (the mandatory one that all servers are 'supposed' to support). My application is unique in that my one email a day I need to send does not have to be secure at all. It's such a general email that security on any level is not an issue. That said, many servers have disallowed using port 25 (unsecured ports) for emails. So, I'm trying at the minimum effort to be able to use port 465 or other TLS/SSL port to send an email. I don't want to include anything that I don't have to in order to get it to work. Many servers don't support NULL ciphers, so that won't work either. It's open ended in that I don't know what server the user will send the email thru, so I need it to work with as many servers as possible. So, any ideas are appreciated. I am continuing to tweak and see if things work.


Jan 28, 2018 22:11
Fred Wedemeier

My small-footprint application -does- need to send encrypted email. Which cipher is the mandatory one that all servers are 'supposed' to support?