SMTP is not working with TLSv1.2
Summary
Trying to send e-mail by SMTP using TLSv1.2 causing OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: wrong version number)
Steps to reproduce
- Use SMTP server with TLSv1.2
- Setup smtp:
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "mail.example.ru"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_user_name'] = "mailer@example.ru"
gitlab_rails['smtp_password'] = "PASSWORD"
gitlab_rails['gitlab_email_from'] = 'mailer@example.ru'
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_ssl'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
gitlab_rails['smtp_enable_starttls_auto'] = true
What is the current bug behavior?
E-mails not sending at all:
irb(main):001:0> Notify.test_email('my_test_email@example.ru', 'Message Subject', 'Message Body').deliver_now
Notify#test_email: processed outbound mail in 1.5ms
Sent mail to my_test_email@example.ru(204.6ms)
Date: Wed, 22 Jan 2020 10:57:15 +0000
From: GitLab <mailer@example.ru>
Reply-To: GitLab <noreply@gitlab.example.ru>
To: my_test_email@example.ru
Message-ID: <5e282a8b3611f_12a3fe27fad39a4458d1@89859bb64357.mail>
Subject: Message Subject
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Message Body</p></body></html>
Traceback (most recent call last):
1: from (irb):1
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: wrong version number)
What is the expected correct behavior?
E-mails work well
Relevant logs
/opt/gitlab/embedded/bin/openssl s_client -connect mail.example.ru:587 -starttls smtp -tlsextdebug < /dev/null | grep TLS
TLS server extension "extended master secret" (id=23), len=0 TLS server extension "renegotiation info" (id=65281), len=1 depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA verify return:1 depth=1 C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2 verify return:1 depth=0 OU = Domain Control Validated, CN = *.example.ru verify return:1 250 CHUNKING DONE New, TLSv1.2, Cipher is ECDHE-RSA-AES128-SHA256 Protocol : TLSv1.2
Environment details
- Operating System: Docker
- Installation Target, remove incorrect values:
- Other:
gitlab/gitlab-ce:12.6.4-ce.0
- Other:
- Installation Type, remove incorrect values:
- Upgrade from version
gitlab/gitlab-ce:12.5.5-ce.0
- Upgrade from version
- Is there any other software running on the machine:
run inside docker
- Is this a single or multiple node installation?
official docker image
- Resources
- CPU:
3 cores
- Memory total:
7974+2043(swap)
- CPU:
Configuration details
Above