Using msmtp with OpenSSL is discouraged, please use GnuTLS


It is recommended to use msmtp with GnuTLS instead of OpenSSL. The upcoming version of msmtp will not use OpenSSL automatically anymore, and if you choose it manually, you will get a warning.

The reason for this is that the OpenSSL-related code in msmtp is essentially unmaintained. I don't work on it myself anymore, and the last time somebody sent a patch was 8 years ago. As a result, if you use msmtp with OpenSSL today, you don't get support for TLS SNI, --tls-priorities, --tls-crl-file, or --tls-min-dh-prime-bits.

The code is hard to read, maintain, and improve due to severe limitations in the usability and documentation of the OpenSSL API. A few examples:

Complexity is the enemy of security. I have given up on OpenSSL years ago and will not work to improve and update the OpenSSL-related code in msmtp. If someone wants to do that work, I will accept patches, but I will continue to recommend using GnuTLS instead. If the OpenSSL support in msmtp remains in its current state, it will eventually be removed.