Easy Redmine SMTP configuration error: An error occurred while sending mail (SSL_connect returned=1 errno=0 state=error: certificate verify failed) - ruby

I have the following SMTP configuration (/redmine_path/config/configuration.yml):
default:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: mail.example.com
      port: 465
      authentication: :plain
      domain: mail.example.com
      user_name: "redmine@example.com"
      password: "xxxxxxxx"
      tls: true
      enable_starttls_auto: false
      openssl_verify_mode: 'peer'
You would expect this to be a correct configuration for a TLS/SMTP mail server.
But when you try to send a test email, you get the following error:
An error occurred while sending mail (SSL_connect returned=1 errno=0 state=error: certificate verify failed)

The correct configuration requires an additional parameter (tested on Debian):
ca_file: "/etc/ssl/certs/ca-certificates.crt"
or
ca_path: "/etc/ssl/certs/"
After that change Redmine correctly finds CA Root Certificates.
Fully working configuration:
default:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: mail.example.com
      port: 465
      authentication: :plain
      domain: mail.example.com
      user_name: "redmine@example.com"
      password: "xxxxxxxx"
      tls: true
      enable_starttls_auto: false
      openssl_verify_mode: 'peer'
      ca_file: "/etc/ssl/certs/ca-certificates.crt"
Also make sure you have updated ca-certificates:
Exchange "package-manager" for yum, apt-get or zypper
<package-manager> install ca-certificates
I wonder how many people gave up and just set openssl_verify_mode to 'none'. Scary to think about, given the possible man-in-the-middle attack.
More information about Ruby ActionMailer::Base configuration: ActionMailer SMTP "certificate verify failed"

Related

"Couldn't connect to host" occurs when trying to send mail from Gmail with Spring-Boot mail in Admin Server

I want to send mail as a reminder in Admin Server
But get this error:
com.sun.mail.util.MailConnectException: Couldn't connect to host, port: smtp.gmail.com, 587; timeout 20000
...
I have searched a lot online, but it still doesn't work.
My Admin Server Application YAML configuration file:
spring:
  security:
    user:
      name: admin
      password: 123456
  boot:
    admin:
      notify:
        mail:
          enabled: true
          # receivers
          to: xxx@outlook.com
          ignore-changes: {"UNKNOWN:UP"}
          # copy-to list
          cc:
          from: Spring Boot Admin<xxx@gmail.com>
  # mail sender
  mail:
    host: smtp.gmail.com
    port: 587
    username: xxx@gmail.com
    # with 2-factor authentication, we should get app password from Google
    password: my-app-password
    default-encoding: UTF-8
    properties:
      mail:
        smtp:
          connectiontimeout: 20000
          timeout: 20000
          writetimeout: 20000
          starttls:
            enable: true
            required: true
          auth: true
          ssl:
            enable: true
            required: true
        debug: true
server:
  port: 8081
I configured the settings with the help of this instruction.
btw, 2-factor authentication is enabled with my Google account, so I followed this instruction to get my "app password".
But after I start my Admin Server application and wait 20 seconds, the error appears.
I have tried changing the port to 465; not working.
I have tried spring.mail.properties.mail.smtp.socketFactory.port and configured it to 465; not working.
I'm using Windows 11, and Windows Firewall has no Outbound rule against java, java platform, or IntelliJ IDEA; there are Inbound rules that block java and java(TM) platform; not working.
With my config above, Admin Server should send a mail to xxx@outlook.com from xxx@gmail.com.

OpenSSL wrong version number in ruby rspec unit tests connecting to docker hashicorp vault

I'm receiving the following SSL error on my rake rspec unit tests when I try to connect to the vault on my docker container using HTTPS:
OpenSSL::SSL::SSLError:
SSL_connect returned=1 errno=0 state=error: wrong version number
We're using docker to load a local instance of a hashicorp vault
Here's the command I run to generate the TLS Certificates
RUN openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -subj "$SUBJ" -out /vault/certificates/tls/vault.crt \
-keyout /vault/certificates/tls/vault.key
When I log into the docker container and run openssl version I get:
/ # openssl version
OpenSSL 1.1.1k 25 Mar 2021
When I try to connect to the docker container from my local prompt, I get:
$ openssl s_client -connect 'localhost:8200'
CONNECTED(000001F0)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1620224762
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
26612:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:827:
When I run this command in my local irb I get:
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
=> {:min_version=>769, :verify_mode=>1, :verify_hostname=>true, :options=>2147614804}
irb(main):003:0>
This is my vault configurations:
listener "tcp" {
  address = "[::]:8200"
  cluster_address = "[::]:8201"
  tls_cert_file = "/vault/certificates/tls/vault.crt"
  tls_key_file = "/vault/certificates/tls/vault.key"
}
Also, I noticed in the docker logs we have two listeners now:
Listener 1: tcp (addr: "0.0.0.0:1234", cluster address: "0.0.0.0:1235", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Listener 2: tcp (addr: "[::]:8200", cluster address: "[::]:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
And my docker vault server startup command is:
vault server -config=/vault/config -dev-root-token-id=myroot -dev-listen-address=0.0.0.0:1234 -dev &
And I noticed in the logs it's still seeing an HTTP connection...
Error writing data to pki/root/generate/internal: Put https://127.0.0.1:1234/v1/pki/root/generate/internal: http: server gave HTTP response to HTTPS client
Error writing data to pki/config/urls: Put https://127.0.0.1:1234/v1/pki/config/urls: http: server gave HTTP response to HTTPS client
Error writing data to pki/roles/localhost: Put https://127.0.0.1:1234/v1/pki/roles/localhost: http: server gave HTTP response to HTTPS client
Error writing data to pki/issue/localhost: Put https://127.0.0.1:1234/v1/pki/issue/localhost: http: server gave HTTP response to HTTPS client
I'm kind of lost right now on how to handle this.

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed) while connecting to Paypal

I know there is a lot of discussion regarding this error, but sorry to say that I'm unable to find any working solution there.
I'm developing an ecommerce site using ShareTribe. I'm trying to implement Paypal as the payment gateway, so I'm using Activemerchant.
Everything works fine on the development machine, but when I deploy my Rails app to production it throws
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I'm initializing my Activemerchant as
config.after_initialize do
  ActiveMerchant::Billing::Base.mode = :test
  paypal_options = {
    login: "bla bla",
    password: "bla bla",
    signature: "bla bla",
    appid: "APP-80W284485P519543T"
  }
  ::EXPRESS_GATEWAY = ActiveMerchant::Billing::PaypalExpressGateway.new(paypal_options)
end
Added HTTPS and Disabled SSLV3
After lots of googling I found that
SSLv3 was proven to be insecure with the POODLE vulnerability. You
should make sure that your system has the latest version of OpenSSL so
that you can use TLSv1.2.
So I disabled SSLV3 as shown below
openssl s_client -connect kickmarket.eu:443
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.kickmarket.eu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.kickmarket.eu
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.kickmarket.eu
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.kickmarket.eu
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
...........................................
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.kickmarket.eu
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2038 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 4D23F4A942AAD4264BE96EB5F1E62204269D882A64ACFBD2D139CD2F10A449A0
Session-ID-ctx:
Master-Key: 1E381DAA3BA90FE3609606716E7E9A2EB2E2F671E9F3C4005D8EBAE009103A7AB771FB2AC8B45F169F43CBD0AD352E06
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
..................................
Start Time: 1446132175
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
But after restarting nginx I got the same problem. Is there any way to fix this issue?
Any suggestion will be appreciated.
This is most likely due to the upgrade to SHA256 certification. Please review the following documentation:
https://devblog.paypal.com/paypal-ssl-certificate-changes/
The primary cause for this is that the rvm-installed ruby looks into the wrong directory for certificates, whereas the OSX ruby will look into the correct one.
What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so:
rvm install 2.2.0 --disable-binary
You can read detailed explanation https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

unable to send email via smtp over ssl

I am writing a Ruby script to send email using the 'mail' gem,
and these are my SMTP settings on my local machine:
mailer_options:
  address: smtp.gmail.com
  port: 587
  domain: gmail.com
  user_name: example@gmail.com
  password: example_password
  authentication: :login
  enable_starttls_auto: true
  ssl: true
When I try to send the email with the above SMTP settings I get the following exception:
/opt/rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/smtp.rb:585:in 'connect': SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol (OpenSSL::SSL::SSLError)
I tried installing the SSL certificate with the command
openssl s_client -connect gmail.com:443
but it does not help. Thanks for any comments and answers.
Port 587 starts out plain text, and then "upgrades" to SSL via STARTTLS. If you want SMTP to use SSL from the start, then you need to use port 465.
So either of these should fix your issue:
Remove enable_starttls_auto and set the port to 465
or
Remove ssl: true and rely on starttls to upgrade your connection to ssl
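
The port 587 versus 465 behaviour described in the answer above, reproduced offline as an added example (not code from the original thread): a constructed local stub greets in plaintext like a submission port, and an immediate TLS handshake against it fails. The stub, its banner and the function names are assumptions made for the illustration.

```ruby
require 'socket'
require 'openssl'

# Constructed stand-in for a submission port (587 style): it greets in
# plaintext, as a STARTTLS server does before any TLS is negotiated.
def start_plaintext_smtp_stub
  server = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    loop do
      client = server.accept
      client.write("220 mail.example.test ESMTP\r\n")
      client.readpartial(4096) rescue nil # drain what the peer sent
      client.close
    end
  end
  server.addr[1] # port picked by the OS
end

# Who speaks first? A plaintext SMTP server sends a "220" banner at once
# (use STARTTLS); an implicit-TLS port waits silently for a ClientHello.
def smtp_tls_mode(host, port, wait: 2)
  Socket.tcp(host, port, connect_timeout: wait) do |sock|
    next :implicit_tls unless IO.select([sock], nil, nil, wait)
    sock.readpartial(512).start_with?('220') ? :starttls : :unknown
  end
end

# What ssl: true / tls: true does: start the TLS handshake immediately.
# Returns nil when the handshake succeeds, else the OpenSSL error text.
def implicit_tls_error(host, port)
  tcp = Socket.tcp(host, port, connect_timeout: 5)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER) # keep verification on
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = host # SNI and hostname check
  ssl.connect
  ssl.close
  nil
rescue OpenSSL::SSL::SSLError => e
  e.message
ensure
  tcp&.close
end

if $PROGRAM_NAME == __FILE__
  port = start_plaintext_smtp_stub
  puts smtp_tls_mode('127.0.0.1', port)
  puts implicit_tls_error('127.0.0.1', port)
end
```

The silent-port result is a heuristic: a server that is slow to greet looks the same as an implicit-TLS port, so raise `wait` before drawing a conclusion.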

Sending email with Joomla and Google Apps

I have the next settings in the Joomla Global Configuration panel.
**Mail Settings**
Mailer: SMTP Server
Mail from: email@mydomain.com
From Name: John Smith
Sendmail Path:
SMTP Authentication: Yes
SMTP Security: SSL
SMTP Port: 465
SMTP Username: email@mydomain.com
SMTP Password: ******
SMTP Host: gmail-smtp-in.l.google.com
I am running Joomla 1.5.14.
I have in my google apps domain both IMAP and POP enabled.
When I try to send an email with an article link by clicking the small envelope icon I get the next feedback. "The e-mail cold not be send correctly". The SMTP validation seems to work because I do not get any SMTP error but the email is not sent. Any idea would be really appreciated!
I have tested with SMTP Host as smtp.gmail.com without success.
I have tried with sendmail defined as /usr/sbin/postfix but without success.
Solution
Set sendmail path to the sendmail command or point sendmail to postfix if you have postfix installed.
Set SMTP Host to smtp.gmail.com. It would look like:
**Mail Settings**
Mailer: SMTP Server
Mail from: email@mydomain.com
From Name: John Smith
Sendmail Path: /usr/sbin/sendmail
SMTP Authentication: Yes
SMTP Security: SSL
SMTP Port: 465
SMTP Username: email@mydomain.com
SMTP Password: ******
SMTP Host: smtp.gmail.com
Mail Settings
Mailer: SMTP Server
Mail from: email@mydomain.com
From Name: John Smith
Sendmail Path: /usr/sbin/sendmail
SMTP Authentication: Yes
SMTP Security: None
SMTP Port: 25
SMTP Username: email@mydomain.com
SMTP Password: **
SMTP Host: ssl://smtp.gmail.com:465
I have Virtuemart 1.1.4 with Joomla! 1.5.15.
The configuration that works for me was (both for virtuemart and joomla contacts):
Mail Settings
Mailer: SMTP Server
Mail from: email@mydomain.com
From Name: John Smith
Sendmail Path: /usr/sbin/sendmail
SMTP Authentication: Yes
SMTP Security: None
SMTP Port: 25
SMTP Username: email@mydomain.com
SMTP Password: ******
SMTP Host: ssl://smtp.gmail.com:465
