Shawn M. Kiewel

Reputation: 105

How do I set the SSL protocol needed for ActionMailer to use a TLS connection?

I am running into an issue trying to use my campus's SMTP server with my Rails 5.x app. I receive the following error: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol.

Here is my configuration:

config.action_mailer.smtp_settings = {
  address:              'address.domain',
  port:                 587,
  user_name:            'UNAME',
  password:             'PWD',
  authentication:       :login,
  tls:                  true,
  enable_starttls_auto: true
}

To ensure I am using the latest openssl version, I have also required 'openssl' in my Gemfile, and it installed openssl-2.1.2.

Suggestions on next steps?

Upvotes: 5

Views: 4513

Answers (2)

akostadinov

Reputation: 18624

I am doing some things with Rails and email right now and was disturbed by the lack of description in the docs of a way to require STARTTLS. Without making it a requirement, it is almost like not having it at all, IMO.

So I checked in the sources. Since at least Ruby 2.4, enforcing STARTTLS is supported.

It seems that it can be enabled in Rails in the same way enable_starttls_auto is enabled: just set enable_starttls instead. It is not documented, but it seems like all settings are just passed down to Mail::SMTP, so whatever it supports can be passed.

Update: Rails project accepted my documentation update #44096.

Upvotes: 1

Steffen Ullrich

Reputation: 123433

port:                 587,
...
tls:                  true,
enable_starttls_auto: true

According to the documentation ":ssl/:tls - Enables the SMTP connection to use SMTP/TLS (SMTPS: SMTP over direct TLS connection)". But port 587 is not for direct TLS but for TLS upgrade via the STARTTLS command. Direct TLS is done on port 465 instead if enabled.

Thus, your client tries to access a non-TLS connection with TLS, and this results in this strange error. See also my explanation on a similar question where this happened with Perl, not Ruby.

To solve the problem, either use port 465 with tls (if enabled on the server) or use port 587 and rely on enable_starttls_auto to do a later upgrade to TLS.

Upvotes: 4
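
The points from both answers above (direct TLS versus STARTTLS by port, and required versus opportunistic STARTTLS) combined into one settings check, as an added example that is not part of either answer or of Rails. `smtp_tls_audit` and the constant names are hypothetical, the sample hashes are constructed, and the precedence of `tls`/`ssl` over the STARTTLS keys is assumed from the behaviour the question reports.

```ruby
# Added example: classify how an ActionMailer-style smtp_settings hash will use TLS.
# Port conventions follow the answer above: 465 = direct TLS, 587 = STARTTLS upgrade.
IMPLICIT_TLS_PORT = 465
SUBMISSION_PORT   = 587

def smtp_tls_audit(settings)
  direct   = settings[:tls] || settings[:ssl]
  required = settings[:enable_starttls]
  auto     = settings[:enable_starttls_auto]
  port     = settings[:port]

  # Assumption: tls/ssl wins over the STARTTLS keys, as the question's error implies.
  mode = if direct      then :direct_tls
         elsif required then :starttls_required
         elsif auto     then :starttls_opportunistic
         else                :plaintext
         end

  findings = []
  if mode == :direct_tls && port == SUBMISSION_PORT
    findings << "tls/ssl on port 587: server expects plaintext then STARTTLS, handshake will fail"
  end
  if mode != :direct_tls && port == IMPLICIT_TLS_PORT
    findings << "port 465 expects a direct TLS connection: set tls: true"
  end
  if direct && (required || auto)
    findings << "STARTTLS keys have no effect while tls/ssl is set"
  end
  if mode == :starttls_opportunistic
    findings << "TLS is used only if the server offers STARTTLS: set enable_starttls: true to require it"
  end
  findings << "no TLS configured for this connection" if mode == :plaintext
  { mode: mode, findings: findings }
end

# Constructed sample settings (hash is checked as given, without Rails defaults).
QUESTION_CONFIG   = { address: 'address.domain', port: 587, tls: true, enable_starttls_auto: true }
STARTTLS_CONFIG   = { address: 'address.domain', port: 587, enable_starttls: true }
DIRECT_TLS_CONFIG = { address: 'address.domain', port: 465, tls: true }

[QUESTION_CONFIG, STARTTLS_CONFIG, DIRECT_TLS_CONFIG].each do |cfg|
  result = smtp_tls_audit(cfg)
  puts "port #{cfg[:port]} -> #{result[:mode]}"
  result[:findings].each { |f| puts "  - #{f}" }
end
```
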
