Server: Error sending mails with forced TLS 1.2

Created on 27 Sep 2018 · 6 Comments · Source: nextcloud/server

Steps to reproduce

  1. Install Nextcloud 14.0.1
  2. Setup Email server at Basic Settings with STARTTLS or SSL/TLS
  3. Send Testmail

Expected behaviour

Sending mail without any error.

Actual behaviour

If the mail server is configured to only support TLS 1.2, Nextcloud can't send a mail because swiftmailer doesn't support this configuration (yet).

It's a closed swiftmailer issue: swiftmailer/swiftmailer#598 and fixed in the next version https://github.com/swiftmailer/swiftmailer/commit/4c4b333c9164b74aaceb7ff9bef2d55f7a5514b8#diff-c0a98e32b9cfd0944a6c592d5d6c1a35.

Server configuration detail

Operating system: Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64

Webserver: nginx/1.12.2 (fpm-fcgi)

Database: mysql 10.1.32

PHP version: 7.1.17
Modules loaded: Core, date, libxml, pcre, zlib, filter, hash, readline, Reflection, SPL, session, cgi-fcgi, bcmath, bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, mbstring, mcrypt, openssl, pcntl, PDO, pgsql, posix, standard, SimpleXML, sqlite3, tidy, xml, xmlwriter, zip, exif, mysqlnd, xmlreader, mysqli, pdo_mysql, Zend OPcache

Nextcloud version: 14.0.1 - 14.0.1.1

Updated from an older Nextcloud/ownCloud or fresh install: Upgrade

Where did you install Nextcloud from: nextcloud.com tar.bz(.asc) download

List of activated apps

Enabled:
 - accessibility: 1.0.1
 - activity: 2.7.0
 - bookmarks: 0.13.0
 - calendar: 1.6.2
 - cloud_federation_api: 0.0.1
 - comments: 1.4.0
 - contacts: 2.1.6
 - dav: 1.6.0
 - federatedfilesharing: 1.4.0
 - federation: 1.4.0
 - files: 1.9.0
 - files_external: 1.5.0
 - files_pdfviewer: 1.3.2
 - files_sharing: 1.6.2
 - files_texteditor: 2.6.0
 - files_trashbin: 1.4.1
 - files_versions: 1.7.1
 - files_videoplayer: 1.3.0
 - firstrunwizard: 2.3.0
 - gallery: 18.1.0
 - issuetemplate: 0.4.0
 - logreader: 2.0.0
 - lookup_server_connector: 1.2.0
 - nextcloud_announcements: 1.3.0
 - notes: 2.4.2
 - notifications: 2.2.1
 - oauth2: 1.2.1
 - password_policy: 1.4.0
 - provisioning_api: 1.4.0
 - serverinfo: 1.4.0
 - sharebymail: 1.4.0
 - spreed: 4.0.0
 - support: 1.0.0
 - systemtags: 1.4.0
 - tasks: 0.9.7
 - theming: 1.5.0
 - twofactor_backupcodes: 1.3.1
 - twofactor_totp: 1.5.0
 - updatenotification: 1.4.1
 - workflowengine: 1.4.0
Disabled:
 - admin_audit
 - checksum
 - encryption
 - survey_client
 - user_external
 - user_ldap

Configuration (config/config.php)

{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "cloud.example.com"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "https:\/\/cloud.example.com",
    "overwriteprotocol": "https",
    "dbtype": "mysql",
    "version": "14.0.1.1",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "forcessl": true,
    "forceSSLforSubdomains": true,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "theme": "",
    "maintenance": false,
    "loglevel": 1,
    "trashbin_retention_obligation": "auto, auto",
    "updatechecker": true,
    "check_for_working_htaccess": true,
    "log_type": "owncloud",
    "logfile": "\/data\/log\/nextcloud.log",
    "logdateformat": "F d, Y H:i:s",
    "logtimezone": "Europe\/Berlin",
    "log_query": false,
    "cron_log": true,
    "appstoreenabled": true,
    "enable_previews": true,
    "preview_max_x": 2048,
    "preview_max_y": 2048,
    "preview_max_scale_factor": 10,
    "preview_max_filesize_image": 50,
    "enabledPreviewProviders": [
        "OC\\Preview\\PNG",
        "OC\\Preview\\JPEG",
        "OC\\Preview\\GIF",
        "OC\\Preview\\BMP",
        "OC\\Preview\\XBitmap",
        "OC\\Preview\\MP3",
        "OC\\Preview\\TXT",
        "OC\\Preview\\MarkDown"
    ],
    "tempdirectory": "\/tmp\/",
    "hashingCost": 10,
    "blacklisted_files": [
        ".htaccess"
    ],
    "forwarded_for_headers": [
        "HTTP_X_FORWARDED",
        "HTTP_FORWARDED_FOR"
    ],
    "htaccess.RewriteBase": "\/",
    "apps_paths": [
        {
            "path": "\/data\/http\/public\/apps",
            "url": "\/apps",
            "writable": true
        }
    ],
    "mail_smtpauthtype": "PLAIN",
    "mail_smtpauth": 1,
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "filelocking.enabled": true,
    "filelocking.ttl": 3600,
    "updater.secret": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpsecure": "tls"
}

Logs

Nextcloud log

{"reqId":"***REMOVED SENSITIVE VALUE***","level":3,"time":"September 27, 2018 09:05:17","remoteAddr":"172.20.0.11","user":"***REMOVED SENSITIVE VALUE***","app":"PHP","method":"POST","url":"\/settings\/admin\/mailtest","message":"stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version at \/data\/http\/public\/3rdparty\/swiftmailer\/swiftmailer\/lib\/classes\/Swift\/Transport\/StreamBuffer.php#94","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3497.100 Safari\/537.36","version":"14.0.1.1"}

0. Needs triage bug
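
Added example (not part of the original issue or of Nextcloud's code): a Python triage script that scans log lines in the JSON format shown in the report for TLS handshakes rejected with a protocol_version alert, which is what a client sees when the mail server refuses every TLS version it offered. The sample log lines, the `/var/www` path and the function name are constructed for illustration.

```python
import json
import re

# Constructed sample in the Nextcloud JSON log format (one object per line).
SAMPLE_LOG = "\n".join([
    json.dumps({"reqId": "req-1", "level": 3, "app": "PHP",
                "url": "/settings/admin/mailtest",
                "message": "stream_socket_enable_crypto(): SSL operation failed "
                           "with code 1. OpenSSL Error messages:\n"
                           "error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:"
                           "tlsv1 alert protocol version at /var/www/3rdparty/"
                           "swiftmailer/swiftmailer/lib/classes/Swift/Transport/"
                           "StreamBuffer.php#94"}),
    json.dumps({"reqId": "req-2", "level": 1, "app": "core",
                "url": "/login", "message": "Login successful"}),
    "truncated, not JSON",
])

# OpenSSL error text: error:<hex code>:<library>:<function>:<reason>,
# optionally followed by PHP's " at <file>#<line>" suffix.
OPENSSL_ERR = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:\n]+):([^:\n]+):([^\n]+?)"
    r"(?: at (\S+)#(\d+))?$", re.M)


def find_tls_version_failures(log_text):
    """Return log entries whose TLS handshake ended in a protocol_version alert."""
    findings = []
    for raw in log_text.splitlines():
        try:
            entry = json.loads(raw)
        except ValueError:
            continue  # skip non-JSON or truncated lines
        msg = str(entry.get("message", "")) if isinstance(entry, dict) else ""
        if "stream_socket_enable_crypto" not in msg:
            continue
        for code, _lib, func, reason, path, line in OPENSSL_ERR.findall(msg):
            # "tlsv1 alert ..." names the alert type, not the negotiated version:
            # the peer rejected every protocol version the client offered.
            if reason.strip() == "tlsv1 alert protocol version":
                findings.append({"reqId": entry.get("reqId"), "url": entry.get("url"),
                                 "openssl_code": code.upper(), "handshake_state": func,
                                 "source_file": path or None,
                                 "source_line": int(line) if line else None})
    return findings


if __name__ == "__main__":
    print(find_tls_version_failures(SAMPLE_LOG))
```

The `source_file` field identifies which bundled library opened the socket, which tells you whether the fix belongs in the application, in a third-party dependency, or in the PHP/OpenSSL configuration.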

All 6 comments

GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/3109 (Unable to send e-mail since Nextcloud 11), https://github.com/nextcloud/server/issues/6786 (Error with PHP7.2), https://github.com/nextcloud/server/issues/6775 (3rdparty swiftmailer NTLMauth throws error but mail is sent), https://github.com/nextcloud/server/issues/2391 (Warning "Couldn't send mail to following users: "), and https://github.com/nextcloud/server/issues/6325 (mail app does not send fqdn).

With the attached patch, PHP can act with STARTTLS tls1.0, tls1.1, tls1.2. See upstream.

Nextcloud_allow_E-Mail_TLSv1_2.diff.txt

best regards
Mario

@mgoppold sorry, stupid question: how to apply the patch when using snap?
I found the file below but can't edit StreamBuffer.php (read only) even using sudo nano.
-rw-r--r-- 1 root root 9715 Aug 30 18:16 /snap/nextcloud/current/htdocs/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php

You cannot edit snap files without rebuilding; follow https://askubuntu.com/questions/919091/why-can-snap-files-not-be-modified-in-any-way

Ouch, so the only way is waiting for the fix from the Nextcloud snap team. Thanks for the information.

Looks like a duplicate of https://github.com/nextcloud/server/issues/7421. Nextcloud 16 ships Swiftmailer 6.1.3 :tada:
