property SSLCheckServerIdentity as %Boolean [ InitialExpression = 0 ];
When using email with Secure Socket Layer / Transport Layer Security, check the server identity in the certificate matches the name of the system we are connecting to.
This defaults to being OFF but it is recommended to enable.
If enabled it matches based on the rules layed out in section 3.1 of RFC 2818.
To use email with Secure Socket Layer / Transport Layer Security,
the SSLConfig field must contain the name of
an existing SSL/TLS Configuration of the Client type. You can create one using the
System Management Portal [Security Management] > [SSL/TLS Configurations] page.
If your SSL Configuration requires you to supply a password for the local private key file, specify it in
the Private key password property of the SSL/TLS Configuration.
When you specify a value in the SSLConfig field, the normal case is that
outbound email will open a socket on default port 465 and use SMTP over TLS/SSL.
The SSLConfig field also supports the special case when you want the server interaction
to begin on a normal TCP socket and then switch to SSL/TLS on the same port as the
normal socket. (RFC3207 provides the details.) In this case the default port is 25 for SMTP.
To use this convention, append '*' to your entry in the SSLConfig field;
for example: MySSLItem*