From a66d4ff72cec094b729257443180f076081f4fa4 Mon Sep 17 00:00:00 2001 From: James Hillyerd Date: Sat, 5 May 2018 10:53:50 -0700 Subject: [PATCH] Created Configuring TLS (markdown) --- Configuring-TLS.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 Configuring-TLS.md diff --git a/Configuring-TLS.md b/Configuring-TLS.md new file mode 100644 index 0000000..8ba5fb2 --- /dev/null +++ b/Configuring-TLS.md @@ -0,0 +1,44 @@ +# Enabling support for the SMTP STARTTLS + +This adds support for opportunistic TLS connections for SMTP-only. Clients that follow the RFC of: +``` + S: 220 inbucket Inbucket SMTP ready + C: EHLO openssl.client.net + S: 250-Great, let's get this show on the road + S: 250-8BITMIME + S: 250-STARTTLS + S: 250 SIZE 10240000 + C: STARTTLS + S: 220 STARTTLS + C: + C & S: + C & S: + C: EHLO nowhere.tld + . . . +``` +This feature is **disabled** by default. + +## Setup +To generate x509 certs: +```bash +$ openssl req -x509 -sha256 -newkey rsa:2048 -keyout certificate.key -out certificate.crt -days 1024 -nodes +``` +Run inbucket with TLS Enabled (the default private key is **cert.key** and default public key is **cert.crt**) -- you can change these with environmental variable also: +```bash +$ INBUCKET_SMTP_TLSENABLED=true ./inbucket +``` +To use openssl's s_client for testing: +```bash +$ cat << EOF | openssl s_client -tls1_2 -starttls smtp -crlf -connect 127.0.0.1:2500 -ign_eof +ehlo nowhere.tld +mail from: +rcpt to: +data +Subject: Hello + +This is the body + +. +QUIT +EOF +```
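Review bot: In the Setup section the openssl command writes `certificate.key` and `certificate.crt`, but the next sentence says inbucket's defaults are **cert.key** and **cert.crt**, so a reader who follows the steps in order enables TLS with no files at the default paths. Either change the command to `-keyout cert.key -out cert.crt`, or name the environment variables that override the paths; the text says they exist but does not give them. In the same sentence, cert.crt is called the "default public key", but it is an X.509 certificate, and since `-nodes` leaves the private key unencrypted on disk, a line about restricting read access to the key file belongs here. In the introduction, "Clients that follow the RFC of:" never names the RFC (STARTTLS for SMTP is RFC 3207), and the transcript lines after `S: 220 STARTTLS` (`C:`, `C & S:`) carry no content, as do `mail from:` and `rcpt to:` in the s_client example; each needs its description or address filled in before the sample is usable. Because the feature is described as opportunistic, it is also worth stating that a client which never issues STARTTLS continues in cleartext.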