nodemailer: v2.7.0
node: v6.2.0
CentOS release 6.8 (Final)
When I run under local window without any problems
However, when I uploaded to the CentOS host, the following error occurred:
```{ Error: 140395365320480:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../deps/openssl/openssl/crypto/asn1/asn1_lib.c:157:
140395365320480:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:../deps/openssl/openssl/crypto/asn1/tasn_dec.c:1185:
140395365320480:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:../deps/openssl/openssl/crypto/asn1/tasn_dec.c:374:Type=X509_NAME_ENTRY
140395365320480:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:../deps/openssl/openssl/crypto/asn1/tasn_dec.c:669:
140395365320480:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:../deps/openssl/openssl/crypto/asn1/tasn_dec.c:669:
140395365320480:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:../deps/openssl/openssl/crypto/asn1/tasn_dec.c:697:Field=issuer, Type=X509_CINF
140395365320480:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:../deps/openssl/openssl/crypto/asn1/tasn_dec.c:697:Field=cert_info, Type=X509
140395365320480:error:1409000D:SSL routines:ssl3_get_server_certificate:ASN1 lib:../deps/openssl/openssl/ssl/s3_clnt.c:1231:
at Error (native) code: 'ECONNECTION', command: 'CONN' }
This is my code:
var transporter = nodemailer.createTransport({
service: 'yahoo',
secure: false,
requireTLS: true,
auth: {
user: 'email',
pass: 'password'
}
});
```
miiiku
All 13 comments
Whats the output of process.versions in node?
$ node
> process.versions
{ http_parser: ....
andris9
on 29 Dec 2016
@andris9
{ http_parser: '2.7.0',
node: '6.2.0',
v8: '5.0.71.47',
uv: '1.9.1',
zlib: '1.2.8',
ares: '1.10.1-DEV',
icu: '57.1',
modules: '48',
openssl: '1.0.2h' }
If you are trying to connect to Yahoo, then could you try if one of these configurations work?
var transporter = nodemailer.createTransport({
host: 'smtp.mail.yahoo.com',
port: 465,
secure: true,
auth: {
user: 'email',
pass: 'password'
}
});
// or alternatively:
var transporter = nodemailer.createTransport({
host: 'smtp.mail.yahoo.com',
port: 587,
secure: false,
auth: {
user: 'email',
pass: 'password'
}
});
I'm actually having the same issue, but on Ubuntu and with Office365. I get the error:
SMTP error { Error: 139700439099200:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:794:
at Error (native) code: 'ECONNECTION', command: 'CONN' }
My settings are:
{ host: 'smtp.office365.com',
secure: 'true',
port: '587',
auth: { user: user', pass: 'pass' }
}
thenitai
on 5 Jan 2017
@thenitai
You can try to change your email, and that's how I solved it, such as using Gmail
miiiku
on 5 Jan 2017
@thenitai if you use port 587 then secure should be false
andris9
on 5 Jan 2017
Well, point is that I allow users to enter their SMTP setting in our product. Now, the Office365 KB shows that one should use secure (SSL/TLS) with port 587. Try telling customers to not use it, when Microsoft tells them to use it :(
In any case, I got it to work, but ONLY by using it with the "tls" option:
tls : {
ciphers : 'SSLv3'
}
Now, I'm wondering can I keep the tls option for ALL connections or would this interfere with other smtp settings?
Thank you.
thenitai
on 5 Jan 2017
secure: true means that connection is started using TLS. This is mostly used for port 465. secure: false means that connection is started using plaintext and then upgraded to TLS using the STARTTLS command if the server supports it. This usually goes with ports 25 and 587.
andris9
on 5 Jan 2017
@andris9 Oh, in other words, it's a bad idea to expose this value to be set in a customer form... I misunderstood the secure option completely. What about keeping the tls option included for all connections?
thenitai
on 5 Jan 2017
Yeah, the historic conventions are way off. The setting "Use SSL” for Nodemailer means “secure: true”. Setting “Use TLS” or “Use TLS/STARTTLS” for Nodemailer means “secure: false; requireTLS: true”. The requireTLS setting is optional as Nodemailer tries to upgrade to TLS by default but this prevents some downgrade attacks where a MiTM removes the STARTTLS capability listing from the server response.
You can’t use “secure: true” for all connections because of how the protocol works. There might be some server implementations that understand if the client tries to use TLS from the start or not but I don’t know any like that. Some client software tries different options when connecting until a successful combination of settings are found but for Nodemailer this does not make much sense, it is presumed that you know ahead the correct settings and trying to autodetect stuff would only make connections slower.
andris9
on 5 Jan 2017
Ok, so in other words, I should keep the secure flag to "false" always, as nodemailer tries to upgrade the connection by default, right? Or should I just automatically set it to true when the user enters port 465?
thenitai
on 5 Jan 2017
// For port 465
var transporter = nodemailer.createTransport({
host: 'smtp.hostname',
port: 465,
secure: true,
auth: {
user: 'email',
pass: 'password'
}
});
// for port 587 or 25 or 2525 etc.
var transporter = nodemailer.createTransport({
host: 'smtp.hostname',
port: 587,
secure: false,
requireTLS: true, // only use if the server really does support TLS
auth: {
user: 'email',
pass: 'password'
}
});
If you also need some specific TLS configuration, then you can use tls option. The values that can be used are the same as for TLSSocket
andris9
on 5 Jan 2017
Ok, just what I thought. Thank you. Your help is much appreciated.
thenitai
on 5 Jan 2017
Related issues
murvinlai
·
14Comments
ghost
·
9Comments
AshishkrGoyal
·
17Comments
mdevDE
·
13Comments
kjarmicki
·
30Comments
Most helpful comment
If you also need some specific TLS configuration, then you can use
tlsoption. The values that can be used are the same as for TLSSocket