i am writing a ruby script to send email using 'mail' gem.
and my smtp settings on my local machine:
mailer_options:
address: smtp.gmail.com
port: 587
domain: gmail.com
user_name: example#gmail.com
password: example_password
authentication: :login
enable_starttls_auto: true
ssl: true
when i try to send the email with the above smtp settings i get the following exception:---
/opt/rbenv/versions/2.0.0-p247/lib/ruby/2.0.0/net/smtp.rb:585:in 'connect': SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol (OpenSSL::SSL::SSLError)
i tried installing ssl certificate by command
openssl s_client -connect gmail.com:443
but it does not help, thanks for any comments and answer.
Port 587 starts out plain text, and then "upgrades" to ssl via starttls if you want smtp from the start to use ssl, then you need to use port 465.
so either of these should fix your issue.
Remove enable_starttls_auto and set the port to 465
or
Remove ssl: true and rely on starttls to upgrade your connection to ssl
Related
I'm receiving the following SSL error on my rake rspec unit tests when I try to connect to the vault on my docker container using HTTPS:
OpenSSL::SSL::SSLError:
SSL_connect returned=1 errno=0 state=error: wrong version number
We're using docker to load a local instance of a hashicorp vault
Here's the command I run to generate the TLS Certificates
RUN openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -subj "$SUBJ" -out /vault/certificates/tls/vault.crt \
-keyout /vault/certificates/tls/vault.key
When I log into the docker container and run openssl version I get:
/ # openssl version
OpenSSL 1.1.1k 25 Mar 2021
When I try to connect to the docker container from my local prompt, I get:
$ openssl s_client -connect 'localhost:8200'
CONNECTED(000001F0)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1620224762
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
26612:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:827:
When I run this command in my local irb I get:
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
=> {:min_version=>769, :verify_mode=>1, :verify_hostname=>true, :options=>2147614804}
irb(main):003:0>
This is my vault configurations:
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/certificates/tls/vault.crt"
tls_key_file = "/vault/certificates/tls/vault.key"
}
Also, i noticed in the docker logs we have two listeners now:
Listener 1: tcp (addr: "0.0.0.0:1234", cluster address: "0.0.0.0:1235", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Listener 2: tcp (addr: "[::]:8200", cluster address: "[::]:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
And my docker vault server startup command is:
vault server -config=/vault/config -dev-root-token-id=myroot -dev-listen-address=0.0.0.0:1234 -dev &
And i noticed in the logs its still seeing an http connection...
Error writing data to pki/root/generate/internal: Put https://127.0.0.1:1234/v1/pki/root/generate/internal: http: server gave HTTP response to HTTPS client
Error writing data to pki/config/urls: Put https://127.0.0.1:1234/v1/pki/config/urls: http: server gave HTTP response to HTTPS client
Error writing data to pki/roles/localhost: Put https://127.0.0.1:1234/v1/pki/roles/localhost: http: server gave HTTP response to HTTPS client
Error writing data to pki/issue/localhost: Put https://127.0.0.1:1234/v1/pki/issue/localhost: http: server gave HTTP response to HTTPS client
I'm kind of lost right now on how to handle this.
Here's my configuration
[entryPoints]
[entryPoints.http]
address = ":801"
[entryPoints.https]
address = ":802"
[entryPoints.https.tls]
[entryPoints.https.tls.ClientCA]
files = ["/etc/ssl/comodo/bundle.crt"]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/ssl/comodo/www.crt"
keyFile = "/etc/ssl/comodo/www.key"
[frontends]
[frontends.http] # default
entryPoints = ["http", "https"]
backend = "fallback"
passHostHeader = true
Now I'm trying to access https://mydomain:802 and I get following error in traefik debug output
http: TLS handshake error from 111.111.111.111:64463: tls: client didn't provide a certificate
curl error message
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
I can't figure out what I'm doing wrong.
Why would you want to use Mutual authentication (two-way handshake)? For normal SSL connections your server certificates are enough.
In your traefik.toml you're configuring Mutual authentication. If you really want so, you have to provide the certificate within your curl request:
curl --cert client.pem:<password> --key key.pem --cacert ca.pem
If you only want to provide "normal" SSL, you should delete following lines:
[entryPoints.https.tls.ClientCA]
files = ["/etc/ssl/comodo/bundle.crt"]
I have following smtp configuration (/redmine_path/config/configuration.yml)
default:
email_delivery:
delivery_method: :smtp
smtp_settings:
address: mail.example.com
port: 465
authentication: :plain
domain: mail.example.com
user_name: "redmine#example.com"
password: "xxxxxxxx"
tls: true
enable_starttls_auto: false
openssl_verify_mode: 'peer'
You would expect that this is a correct configuration for TLS/SMTP mail server configuration.
But when you try to send test email. You get the following error:
An error occurred while sending mail (SSL_connect returned=1 errno=0 state=error: certificate verify failed)
Correct configuration requires additional parameter (Tested on Debian):
ca_file: "/etc/ssl/certs/ca-certificates.crt"
or
ca_path: "/etc/ssl/certs/"
After that change Redmine correctly finds CA Root Certificates.
Fully working configuration:
default:
email_delivery:
delivery_method: :smtp
smtp_settings:
address: mail.example.com
port: 465
authentication: :plain
domain: mail.example.com
user_name: "redmine#example.com"
password: "xxxxxxxx"
tls: true
enable_starttls_auto: false
openssl_verify_mode: 'peer'
ca_file: "/etc/ssl/certs/ca-certificates.crt"
Also make sure you have updated ca-certificates:
Exchange "package-manager" for yum, apt-get or zypper
<package-manager> install ca-certificates
I wonder how many people gave up and just set openssl_verify_mode to 'none'. Scary to think about with possible man-in-the-middle attack.
More information about Ruby ActionMailer::Base configuration: ActionMailer SMTP "certificate verify failed"
This ruby code is supposed to connect to a secure channel:
connection = Net::HTTP.new "localhost", 8081
connection.use_ssl = true
connection.ssl_version = :TLSv1_2
# ...
connection.post path, data, h
I am having the following error:
usr/local/rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
Client does have support for TLSv1.2, it looks:
ruby -ropenssl -e 'puts OpenSSL::SSL::SSLContext::METHODS' | grep 1_2
TLSv1_2
TLSv1_2_server
TLSv1_2_client
Also the server has support to TLSv1.2
openssl s_client -connect localhost:8081 | grep Protocol
Protocol : TLSv1.2
Why is Net::HTTP trying to connect using state state=SSLv3?
I have the next settings in the Joomla Global Configuration panel.
**Mail Settings**
Mailer: SMTP Server
Mail from: email#mydomain.com
From Name: John Smith
Sendmail Path:
SMTP Authentication: Yes
SMTP Security: SSL
SMTP Port: 465
SMTP Username: email#mydomain.com
SMTP Password: ******
SMTP Host: gmail-smtp-in.l.google.com
I am running Joomla 1.5.14.
I have in my google apps domain both IMAP and POP enabled.
When I try to send an email with an article link by clicking the small envelope icon I get the next feedback. "The e-mail cold not be send correctly". The SMTP validation seems to work because I do not get any SMTP error but the email is not sent. Any idea would be really appreciated!
I have tested with SMTP Host as smtp.gmail.com without success.
I have tried with sendmail defined as /usr/sbin/postfix but without success.
Solution
Set sendmail path to the sendmail command or point sendmail to postfix if you have postfix installed.
Set SMTP Host to smtp.gmail.com. I would look like:
**Mail Settings**
Mailer: SMTP Server
Mail from: email#mydomain.com
From Name: John Smith
Sendmail Path: /usr/sbin/sendmail
SMTP Authentication: Yes
SMTP Security: SSL
SMTP Port: 465
SMTP Username: email#mydomain.com
SMTP Password: ******
SMTP Host: smtp.gmail.com
Mail Settings
Mailer: SMTP Server Mail from: emailmydomain.com
From Name: John Smith
Sendmail Path: /usr/sbin/sendmail
SMTP Authentication: Yes
SMTP Security: None
SMTP Port: 25
SMTP Username: emailmydomain.com
SMTP Password: **
SMTP Host: ssl://smtp.gmail.com:465
I have Virtuemart 1.1.4 with Joomla! 1.5.15.
The configuration that works for me was (both for virtuemart and joomla contacts):
Mail Settings
Mailer: SMTP Server
Mail from: email#mydomain.com
From Name: John Smith
Sendmail Path: /usr/sbin/sendmail
SMTP Authentication: Yes
SMTP Security: None
SMTP Port: 25
SMTP Username: email#mydomain.com
SMTP Password: ******
SMTP Host: ssl://smtp.gmail.com:465