What are the SMTP Curl command-line arguments to support GMail TLS / STARTTLS vs. SSL


I am using Curl.exe in an application to send emails. I need to support most major email servers. GMail exposes the following ports and Authentication methods.

  • TLS/STARTTLS (sometimes called Explicit TLS): uses port 587
  • SSL (sometimes called Implicit TLS): uses port 465

I have gotten the Explicit TLS to work using the following command line:

C:\>curl smtp://smtp.gmail.com:587 -v --mail-from "[email protected]" --mail-rcpt
"[email protected]" --ssl -u [email protected]:password -T "c:\test.txt" -k --anyauth

I have tried the following to get ImplicitTLS to work, but it is not.

C:\>curl smtp://smtp.gmail.com:465 -v --mail-from "[email protected]" --mail-rcpt
"[email protected]" --ssl -u [email protected]:password -T "c:\test.txt" -k --anyauth

What are the proper command line parameters to get SSL/Implicit TLS to work?

Use smtps:// for SMTPS (i.e. SMTP on top of an existing SSL/TLS connection).

This works:

curl smtps://smtp.gmail.com:465 -v

I would also use --ssl-reqd for the explicit STARTTLS connection to make sure SSL/TLS is used when you expect it to be (downgrade attacks would be possible otherwise).

Don't use -k either, check the server certificate: see http://curl.haxx.se/docs/sslcerts.html