Mail can be sent with TLS1.2
Mail is not sent / mail test fails if the mail server is not offering TLS1.
This is a known Swiftmail issue, see e.g. https://github.com/swiftmailer/swiftmailer/issues/598
There is also a proposed fix, but that one is NOT working for me: https://github.com/swiftmailer/swiftmailer/pull/935
Replacing "STREAM_CRYPTO_METHOD_TLS_CLIENT" with "STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT" in "3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php" allows sending mails again, but of course now hard codes TLS1.2.
Perhaps a good idea to let them know?
The fix has to work, I use this line of code in other projects and it is the supposed solution in https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122 .
The fix uses a concatenation of TLS1.0, TLS1.1 and TLS1.2. In the background OpenSSL does the work and normally uses the highest available TLS version.
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
Maybe there is some misconfig by alexw65500... The easiest way to check is using sslscan (sid) to test available and preferred TLS versions.
The upstream code is of course fine, I just applied it wrong:
I just commented out the original line and pasted the updated line from https://github.com/swiftmailer/swiftmailer/pull/935/commits/da589651593377d1e364011e658b8901500e9458
But upstream is using $this->stream, while the version bundled in nextcloud is using $this->_stream.
Referencing the wrong variable of course broke it and using the correct one indeed works fine for me.
Ah, Nextcloud is using Swiftmailer v5 but my patch is for v6. They renamed the variable names between these versions...
@rullzer haven't you looked into updating swift mailer?
https://github.com/swiftmailer/swiftmailer/pull/935 looks quite good and says that this only affects PHP 7.0 and 7.1.
Yes, I was looking into it. But it requires quite a few changes to the server. And frankly I did not have time yet.
Any update on this? Since my mail server does not offer TLS1 anymore (enforcing TLS1.2 now), my Nextcloud instance is unable to send mails anymore.
Maybe this issue is fixed by upgrading to swiftmailer 6.
See #9791, which is currently set to the milestone Nextcloud 14.
As a workaround I've setup an old version of postfix to relay the mails using TLS1.2 to my mail server.
Just a few minutes ago I tested if this issue disappeared with Nextcloud 14. I'm proud to confirm that I do not have the TLS issue anymore. Sending emails to a mail server that enforces TLS 1.2 is working now.
Are you sure it's working with Nextcloud 14 and TLS >= 1.1? I still have to manually patch StreamBuffer.php:
public function startTLS()
{
- return stream_socket_enable_crypto($this->stream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ return stream_socket_enable_crypto($this->stream, true, STREAM_CRYPTO_METHOD_SSLv23_CLIENT);
}
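Review bot: the `+` line relies on STREAM_CRYPTO_METHOD_SSLv23_CLIENT being the TLS1.0|TLS1.1|TLS1.2 union, which the constant table in this comment says holds only for PHP >= 5.6.7; consider spelling out `STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT` as the upstream PR does, or at least add a comment, because the SSLv23 name reads as enabling SSL. Note also that either form still accepts TLS 1.0 and 1.1; it widens what the client offers rather than requiring TLS 1.2, so a server that has turned off TLS 1.0 works only because OpenSSL picks the highest version both sides share.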
And yes, I'm using STREAM_CRYPTO_METHOD_SSLv23_CLIENT since it's (despite its name) the TLS1.x default:
PHP >= 5.6.7
STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
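To check what a given mail server actually negotiates once the client mask is widened as described above, here is an added diagnostic script written for this thread (not code from Swiftmailer or Nextcloud): it does the SMTP STARTTLS exchange, enables crypto with a mask built from a chosen minimum TLS version, and reports the protocol from the stream metadata. The script name, host, port and the minimum-version argument are assumptions.

```php
<?php
// Added diagnostic (not from the thread, Swiftmailer or Nextcloud): do an SMTP
// STARTTLS handshake with an explicit client mask, as the patched startTLS()
// does, and report which protocol the server actually negotiated.
// Usage: php starttls_check.php mail.example.com 587 [min_tls_minor]

function readReply($fp): string {
    // Multi-line replies use "250-"; the final line is "NNN " (code + space).
    $reply = '';
    while (($line = fgets($fp, 1024)) !== false) {
        $reply .= $line;
        if (preg_match('/^\d{3} /', $line)) break;
    }
    return $reply;
}

function tlsClientMask(int $minMinor): int {
    // OR together the per-version client flags from a chosen minimum: 0 gives
    // TLS1.0|1.1|1.2 (== SSLv23_CLIENT on PHP >= 5.6.7), 2 gives TLS1.2 and up.
    $flags = [
        0 => STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT,
        1 => STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,
        2 => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
    ];
    if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
        $flags[3] = STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;   // PHP 7.4+ only
    }
    $mask = 0;
    foreach ($flags as $minor => $flag) {
        if ($minor >= $minMinor) { $mask |= $flag; }
    }
    return $mask;
}

$host = $argv[1] ?? 'localhost';                 // assumption: SMTP host
$port = (int)($argv[2] ?? 587);                  // assumption: submission port
$minMinor = (int)($argv[3] ?? 2);                // default: TLS 1.2 and newer
// Verify the server certificate against $host; keep this on in production.
$ctx = stream_context_create(['ssl' => ['verify_peer' => true, 'peer_name' => $host]]);
$fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
if (!$fp) { fwrite(STDERR, "connect failed: $errstr\n"); exit(1); }
readReply($fp);                                  // 220 greeting
fwrite($fp, "EHLO tls-check.invalid\r\n");
if (stripos(readReply($fp), 'STARTTLS') === false) { fwrite(STDERR, "no STARTTLS offered\n"); exit(1); }
fwrite($fp, "STARTTLS\r\n");
if (strpos(readReply($fp), '220') !== 0) { fwrite(STDERR, "STARTTLS refused\n"); exit(1); }
$mask = tlsClientMask($minMinor);
if (stream_socket_enable_crypto($fp, true, $mask) !== true) { fwrite(STDERR, "handshake failed (mask $mask)\n"); exit(1); }
$meta = stream_get_meta_data($fp);
echo "negotiated: " . ($meta['crypto']['protocol'] ?? 'unknown') . "\n";
fwrite($fp, "QUIT\r\n");
```

Running it with `0` as the third argument reproduces the widened mask from the fix, while the default `2` shows whether the server still answers once TLS 1.0 and 1.1 are left out of the offer.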
Fix applied in swiftmailer 6.1.x:
https://github.com/swiftmailer/swiftmailer/commit/4c4b333c9164b74aaceb7ff9bef2d55f7a5514b8
But Nextcloud uses 6.0.2
Bump swiftmailer/swiftmailer from 5.4.8 to 6.0.2
https://github.com/nextcloud/3rdparty/commit/b995ca8b8c7f69a180ad6fb49989ad3e35b1367e
Nextcloud 16 ships Swiftmailer 6.1.3 :tada: