OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: wrong version number)
I've problem for connect to remote server with postfix and TLS 1.2 I see other issues, such SMTP is not working with TLSv1.2
I've tried several ways for my gitlab work but I not get solution.
sudo gitlab-rails console
--------------------------------------------------------------------------------
Ruby: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux]
GitLab: 13.11.3-ee (7fde0affe23) EE
GitLab Shell: 13.17.0
PostgreSQL: 12.6
--------------------------------------------------------------------------------
Loading production environment (Rails 6.0.3.6)
irb(main):001:0> ActionMailer::Base.smtp_settings
=> {:authentication=>:login, :address=>"central.xxxxxx.com", :port=>465, :user_name=>"gitlab@central.xxxxx.com", :password=>"hasdjhajksdhkjahsdjkhakjdh", :domain=>"central.xxxxx.com", :enable_starttls_auto=>false, :tls=>true, :openssl_verify_mode=>"none", :ca_file=>"/opt/gitlab/embedded/ssl/certs/cacert.pem"}
irb(main):002:0> Notify.test_email('xxxxx.mateos@xxxx.com', 'Hello World', 'This is a test message').deliver_now
Notify#test_email: processed outbound mail in 1.2ms
Delivered mail 60904996122b1_1cbe3158c09455e@gitlab.mail (31.9ms)
Date: Mon, 03 May 2021 19:05:58 +0000
From: GitLab <gitlab@gitlab.xxxxx.com>
Reply-To: GitLab <noreply@gitlab.xxxxx.com>
To: xxxxxxx.mateos@xxxxx.com
Message-ID: <60904996122b1_1cbe3158c09455e@gitlab.mail>
Subject: Hello World
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: All
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>This is a test message</p></body></html>
Traceback (most recent call last):
1: from (irb):2
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: wrong version number)
irb(main):003:0>
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "central.xxxxx.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab@central.xxxx.com"
gitlab_rails['smtp_password'] = "hdgshgahsdgahsdghjasd"
gitlab_rails['smtp_domain'] = "central.xxxxx.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'none'
Connection test
openssl s_client -connect central.XXXXXX.com:465 -starttls smtp
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = XXXXXX.es
verify return:1
---
Certificate chain
0 s:CN = xxxxx.es
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgISBIbLZ+LY8uAM6T3qcPHRSb/+MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
...
BycaDT7nfjAdeG9FDvFwbR+XmJPEJKbvD0U+J+ZwjOqM22pZYXMDpvL/BxQ0xgir
RsZaITmpKEBlkjt+pXVEmcPRpiYUMn8=
-----END CERTIFICATE-----
subject=CN = aicha.es
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3449 bytes and written 424 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 5C6049EEEF0F399B1A164541FA6A8A5AC863CB74C50A84B73B2984BA5604FE4A
Session-ID-ctx:
Resumption PSK: 99942E41CD8772942B81216E0792AB36SSSSSSS01520703028D33B260155ADADAA037F4212B5701A1CB9565B2354998
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 1f 26 68 cc 46 dc d4 3e-aa 40 a7 a2 4c 04 ed f3 .&h.F..>.@..L...
0010 - 92 c6 92 65 c9 b8 61 ec-5e 32 e6 97 23 24 c9 1b ...e..a.^2..#$..
0020 - d4 e0 d8 f7 8f b6 ca 1b-9f 84 73 3e a1 b8 9e 84 ..........s>....
0030 - 70 1a 8d 24 50 25 9a 87-e5 74 06 c2 d8 4b 2d 9f p..$P%...t...K-.
0040 - 41 fc 08 54 0e c8 bb a3-46 49 7c 8b 3c 3e e8 db A..T....FI|.<>..
0050 - 33 5d 22 32 b4 c6 30 a2-79 5a 6d ed 02 68 4e bf 3]"2..0.yZm..hN.
0060 - 07 88 f9 54 47 e3 87 d4-6e 2f 8c e2 30 45 e8 33 ...TG...n/..0E.3
0070 - b4 c3 70 10 5f 33 4c 79-65 03 37 6a c1 84 86 ed ..p._3Lye.7j....
0080 - a3 22 c6 d6 5a b3 bc 42-d4 4c b1 e9 a9 97 88 a3 ."..Z..B.L......
0090 - 6a 5f be d2 6d 01 4f 6b-ad a4 f4 3f 02 a8 15 f9 j_..m.Ok...?....
00a0 - 88 d5 3d 55 ac d9 b0 92-32 db 0d 70 92 ba 53 62 ..=U....2..p..Sb
00b0 - 79 27 66 68 f7 36 28 13-00 94 95 2e e8 2c 94 d6 y'fh.6(......,..
00c0 - 25 1b 60 c6 69 57 4e 3a-9a ad 4a 0e ce 4a 0f c4 %.`.iWN:..J..J..
Start Time: 1620068627
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
AUTH PLAIN AGdpdGxhYkBjZW50cmFsLmasda34edaswFdiMldONWZrcXE0c3YjVVVXpBQ1dpaA==
235 2.7.0 Authentication successful
Some data is altered for security
Any ideas?