Closed
Description
```php
// https://github.com/symfony/mailer/blob/6.1/Transport/Smtp/EsmtpTransport.php#L136
if (!$stream->isTLS() && \defined('OPENSSL_VERSION_NUMBER') && \array_key_exists('STARTTLS', $this->capabilities)) {
```
That line will be true only if the server reports that it has STARTTLS support, but during a man-in-the-middle attack one could remove this capability and communication would happen in cleartext.

It would be great if there was an option to enforce STARTTLS 🙏
Example
No response
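
One way to fail closed when STARTTLS is missing from the EHLO reply, as an added example that is not part of the original issue and is not Symfony Mailer code. The function names, the `$requireTls` flag and the EHLO replies are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical helpers; not Symfony Mailer's API.

// Parse a multi-line EHLO reply ("250-..." / "250 ...") into [KEYWORD => params].
function parseEhloCapabilities(string $reply): array
{
    $capabilities = [];
    $lines = preg_split('/\r?\n/', trim($reply));
    array_shift($lines); // first line is the server greeting, not a capability
    foreach ($lines as $line) {
        if (preg_match('/^250[ -](\S+)(?: (.*))?$/', $line, $m)) {
            $capabilities[strtoupper($m[1])] = $m[2] ?? '';
        }
    }
    return $capabilities;
}

// Decide what to do before AUTH or MAIL FROM is sent.
// Returns 'already-tls', 'starttls' or 'plaintext'; throws when TLS is required but unavailable.
function decideTlsUpgrade(bool $isTls, array $capabilities, bool $requireTls): string
{
    if ($isTls) {
        return 'already-tls';
    }
    if (array_key_exists('STARTTLS', $capabilities)) {
        return 'starttls';
    }
    if ($requireTls) {
        // Fail closed: a missing STARTTLS line cannot be told apart from a stripped one.
        throw new RuntimeException('STARTTLS required but not advertised; aborting before AUTH.');
    }
    return 'plaintext'; // the opportunistic behaviour described in the issue
}

// Constructed EHLO replies: as sent by the server, and with the STARTTLS line removed in transit.
$genuine  = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n";
$stripped = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 AUTH PLAIN LOGIN\r\n";

foreach (['genuine' => $genuine, 'stripped' => $stripped] as $label => $reply) {
    foreach ([false, true] as $requireTls) {
        try {
            $result = decideTlsUpgrade(false, parseEhloCapabilities($reply), $requireTls);
        } catch (RuntimeException $e) {
            $result = 'refused: ' . $e->getMessage();
        }
        printf("%-8s requireTls=%-5s -> %s\n", $label, var_export($requireTls, true), $result);
    }
}
```

With the stripped reply, the opportunistic setting falls through to `plaintext`, while the enforcing setting refuses the session before any credentials are sent.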