TLS support?

  • therother
    New Member
    • Oct 2006
    • 13
    • 3.8.x

    TLS support?

    We currently use SparkPost to send emails via SMTP on our vB4.2.5 board. SparkPost are about to deprecate TLS 1.0. I've just tested their new non-TLS 1.0 server and, using TLS legacy, I received the following error:

    Code:
    The mailing function returned an error while trying to send the mail.
    The following errors were outputted by PHP when attempting to send mail:
    
    
    PHP Warning: stream_socket_enable_crypto(): SSL: Success in ..../includes/class_mail.php on line 776
    
    PHP User Warning: Unable to negotitate TLS handshake. in ..../includes/class_mail.php on line 715
    The email log reports the following: "FAILED: Unable to negotitate TLS handshake."

    If I switch to the other TLS option (TLS Native) I get this:

    Code:
    The mailing function returned an error while trying to send the mail.
    The following errors were outputted by PHP when attempting to send mail:
    
    
    PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:1408F10B:SSL routines:ssl3_get_record:wrong version number in ..../includes/class_mail.php on line 757
    
    PHP Warning: fsockopen(): Failed to enable crypto in ..../includes/class_mail.php on line 757
    
    PHP Warning: fsockopen(): unable to connect to tls://no-tlsv1-test-smtp.sparkpostmail.com:587 (Unknown error) in ..../includes/class_mail.php on line 757
    
    PHP User Warning: Unable to connect to SMTP server in ..../includes/class_mail.php on line 715
    In this case, the email log reports the following: "FAILED: Unable to connect to SMTP server."

    Is vB compatible with TLS 1.1 or above or is the problem due to the server configuration?
  • therother
    New Member
    • Oct 2006
    • 13
    • 3.8.x

    #2
    Hunting around, it seems that "STREAM_CRYPTO_METHOD_TLS_CLIENT" on line 776 of class_mail.php doesn't include TLS 1.2 from PHP 5.6.7. Changing this to STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT seems to resolve the issue.


    • Mark.B
      vBulletin Support
      • Feb 2004
      • 24287
      • 6.0.X

      #3
      Quite likely vB4 didn't have this support, and it is no longer being developed. I believe vB5 has it but I'd need to check.
      MARK.B
      vBulletin Support
      ------------
      My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
      My Unofficial vBulletin Cloud Demo: https://www.adminammo.com


      • developer294
        New Member
        • May 2011
        • 21
        • 4.1.x

        #4
        Originally posted by therother
        Hunting around, it seems that "STREAM_CRYPTO_METHOD_TLS_CLIENT" on line 776 of class_mail.php doesn't include TLS 1.2 from PHP 5.6.7. Changing this to STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT seems to resolve the issue.

        Amazon SES (Simple Email Service) is going to enforce TLS 1.2+ for SMTP before the end of 2023.


        Solution to switch vBulletin 4 to TLS 1.2 for Amazon SES

        1. Upgrade PHP to 5.6 or later (but the maximum supported vBulletin 4 version is 7.1.x).
        PHP 5.6 is the first PHP version supporting TLS 1.2 (it contains the constant STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, https://www.php.net/manual/en/functi...ble-crypto.php).

        2. vBulletin 4 uses the STREAM_CRYPTO_METHOD_TLS_CLIENT constant in its code. This constant contains a default set of TLS protocols in the corresponding version of PHP, and its value in PHP 5.6 is an alias to only TLS 1.0. Alas! This is why you have to change the vBulletin 4 code in the file includes/class_mail.php. Find line 791:
        Code:
        if (!stream_socket_enable_crypto($this->smtpSocket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
        Replace this line with the following:
        Code:
        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
        $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
        $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
        if (!stream_socket_enable_crypto($this->smtpSocket, true, $crypto_method))
        Alternatively you can just replace STREAM_CRYPTO_METHOD_TLS_CLIENT with STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, but it will disable support of TLS versions other than 1.2.

        3. Send a test email via the vBulletin admin panel: Maintenance / Diagnostics / Send email. This is to ensure the PHP code is not broken after the edit.

        4. Unfortunately, I don't know a way to ensure TLS 1.2 was actually used when sending the email. So I hope I will not get any more email notifications from Amazon SES about the use of TLS 1.0.
        Last edited by developer294; Sun 6 Aug '23, 1:28am.
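
A way to check the point left open in step 4, as an added example that is not part of developer294's post or of vBulletin's code: it lists which TLS versions a crypto-method mask allows on the running PHP, then does STARTTLS against a host and port given on the command line and reports the negotiated protocol from stream_get_meta_data(). The function names are hypothetical, and the 'crypto' metadata is assumed to be available (PHP 7.0 or later).

```php
<?php
// Added example, not vBulletin code; function names are hypothetical.

// List the TLS versions a crypto-method bitmask allows on this PHP build.
function tls_versions_in_mask($mask) {
    $allowed = array();
    foreach (array('TLSv1_0', 'TLSv1_1', 'TLSv1_2', 'TLSv1_3') as $v) {
        $const = "STREAM_CRYPTO_METHOD_{$v}_CLIENT";
        // TLSv1_3 is only defined on newer PHP builds, so test before use.
        if (defined($const) && ($mask & constant($const)) === constant($const)) {
            $allowed[] = $v;
        }
    }
    return $allowed;
}

// Read one SMTP reply; the final line has a space after the 3-digit code.
function smtp_reply($fp) {
    $reply = '';
    while (($line = fgets($fp, 515)) !== false) {
        $reply .= $line;
        if (strlen($line) < 4 || $line[3] === ' ') break;
    }
    return $reply;
}

// STARTTLS over a plain socket (port 587 style), then report the protocol used.
function negotiated_tls($host, $port, $mask) {
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 15);
    if (!$fp) return "connect failed: $errstr";
    smtp_reply($fp);                                  // 220 greeting
    fwrite($fp, "EHLO localhost\r\n"); smtp_reply($fp);
    fwrite($fp, "STARTTLS\r\n");
    $ok = strpos(smtp_reply($fp), '220') === 0
       && stream_socket_enable_crypto($fp, true, $mask);
    $meta = stream_get_meta_data($fp);
    fclose($fp);
    if (!$ok) return 'STARTTLS or handshake failed';
    // The 'crypto' key is filled in by PHP 7.0+; older builds fall through.
    return isset($meta['crypto']['protocol']) ? $meta['crypto']['protocol'] : 'unknown';
}

$mask = STREAM_CRYPTO_METHOD_TLS_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
      | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;               // the mask from the post
echo 'TLS_CLIENT alone: ', implode(', ', tls_versions_in_mask(STREAM_CRYPTO_METHOD_TLS_CLIENT)), "\n";
echo 'Patched mask:     ', implode(', ', tls_versions_in_mask($mask)), "\n";
if (isset($argv[2])) {                                     // usage: php script.php HOST PORT
    echo 'Negotiated:       ', negotiated_tls($argv[1], (int)$argv[2], $mask), "\n";
}
```

Run it from the command line with the same PHP binary the board uses; without a host and port it only prints what the two masks allow, so it can be used offline to see how that PHP version defines STREAM_CRYPTO_METHOD_TLS_CLIENT.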
