[exim] Re: Starting Swift_SmtpTransport

Author: Ltc Hotspot
Date:  
To: Jeremy Harris
CC: exim-users
Subject: [exim] Re: Starting Swift_SmtpTransport
Hi Jeremy,

>"exim -bV | grep Support; exim -bP openssl_options"



[root@35-236-118-198 ~]# exim -bV | grep Support; exim -bP openssl_options
2023-08-01 07:55:52 cwd=/root 2 args: exim -bV
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL TLS_resume
Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR
Queue_Ramp SPF SRS TCP_Fast_Open
openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1
[root@35-236-118-198 ~]#

SuPHP and LSAPI use /home/$USERNAME/public_html/error_log as the error log.

@ /public_html/mautic.devced.com/error_log:

"[01-Aug-2023 15:14:28 UTC] PHP Warning:  stream_socket_enable_crypto(): Peer certificate CN=`35-236-118-198.cprapid.com' did not match expected CN=`imap.devced.com' in /home/mautic/public_html/mautic.devced.com/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 94."


@ /home/mautic/public_html/mautic.devced.com/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 94:

"{
        // STREAM_CRYPTO_METHOD_TLS_CLIENT only allow tls1.0 connections (some php versions)
        // To support modern tls we allow explicit tls1.0, tls1.1, tls1.2
        // Ssl3 and older are not allowed because they are vulnerable
        // @TODO make tls arguments configurable
        return stream_socket_enable_crypto($this->stream, true, STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
    }," https://gist.github.com/DevCEDTeam/3a4ff6fe85332c9c717b5f5c5b84de61


What is the source of the "Unable to connect with TLS encryption Log data: ++ Starting Swift_SmtpTransport"?
https://gist.github.com/DevCEDTeam/b289744ad655116d230e4ff65c39e02b?permalink_comment_id=4644358#gistcomment-4644358

Thanks,
Hal

On Tue, Aug 1, 2023 at 1:04 AM Jeremy Harris via Exim-users <
exim-users@???> wrote:

> On 01/08/2023 01:22, Ltc Hotspot via Exim-users wrote:
> > How do I complete such an Exim upgrade?
>
> If those openssl_options are actually the ones active, you already
> have TLS 1.1 disabled.  You could check the running config by running
> "exim -bV | grep Support; exim -bP openssl_options"
> --
> Cheers,
>    Jeremy
>
>
> --
> ## subscription configuration (requires account):
> ##
> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ##   exim-users-unsubscribe@???
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>



--
Regards,
Hal
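
Added example, not part of the original message and not Swiftmailer or Exim code: the PHP warning quoted in the message reports a certificate-name mismatch, and this Python code parses that warning and checks which client-side host name the presented certificate name would cover. The function names and the matching rule (a wildcard accepted only as the whole leftmost label) are assumptions of this example.

```python
import re

# Constructed sample: the PHP warning from the message, rejoined onto one line
# and cut after the expected name.
SAMPLE_WARNING = (
    "[01-Aug-2023 15:14:28 UTC] PHP Warning:  stream_socket_enable_crypto(): "
    "Peer certificate CN=`35-236-118-198.cprapid.com' did not match "
    "expected CN=`imap.devced.com'"
)

_MISMATCH = re.compile(
    r"Peer certificate CN=`(?P<presented>[^']*)' did not match "
    r"expected CN=`(?P<expected>[^']*)'"
)


def parse_mismatch(line):
    """Return (presented_name, expected_name) from a PHP warning, or None."""
    m = _MISMATCH.search(line)
    return (m.group("presented"), m.group("expected")) if m else None


def name_matches(cert_name, host):
    """Compare one certificate name with the host the client asked for.

    Assumed rule (RFC 6125 style): case-insensitive, and '*' is accepted
    only as the entire leftmost label, where it stands for exactly one label.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels) or "" in host_labels:
        return False
    if cert_labels[0] == "*" and len(cert_labels) > 2:
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def hosts_that_verify(cert_names, candidate_hosts):
    """Candidate client-side host names that some certificate name covers."""
    return [h for h in candidate_hosts
            if any(name_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    presented, expected = parse_mismatch(SAMPLE_WARNING)
    print("presented:", presented, "| expected:", expected)
    print("verifies:", hosts_that_verify([presented], [expected, presented]))
```
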
