Securing SMTP with wolfSSL using STARTTLS

STARTTLS is a way of protecting email communications from malicious users (insiders or otherwise) by upgrading a plaintext SMTP connection to one secured by SSL/TLS.  SMTP using STARTTLS allows encryption of emails in transit between email clients and servers. Without encryption email messages can easily be intercepted and read at any point between the sender and the receiver.

wolfSSL has had multiple inquiries about STARTTLS and how to use wolfSSL for the TLS encryption in this protocol. Due to the volume of inquiries over the past few months, we have added an example of using STARTTLS with wolfSSL to the wolfSSL example client. To try it out download wolfSSL from the wolfSSL download page.

Instructions to build and run the examples included with the library can be found at:


Below is a quick example of connecting to GMail’s SMTP server with the wolfSSL example client.  This will open a plaintext communication, use STARTTLS to convert to a SSL/TLS-encrypted channel, then close the connection.

Linux/Unix: ./examples/client/client -h -p 587 -M smtp -d
Windows: client.exe -h -p 587 -M smtp -d

-h specifies the host server to connect to (
-p specifies the port to connect on (587 for email submission)
-M tells the example client to use STARTTLS with protocol (smtp in this case)
-d tells the client not to authenticate the peer
( to do peer authentication you can download Google’s CA and replace -d option with: “-A /path/to/google-CA”)

If you have any questions or comments please contact wolfSSL at or visit the wolfSSL support forums.

– The wolfSSL Team