Mail: May be incorrectly forcing initial TLS usage #3896

New Issue

Closed

opened 2026-02-05 07:47:44 +03:00 by OVERLORD · 6 comments

OVERLORD commented 2026-02-05 07:47:44 +03:00

Owner

Copy Link

Originally created by @ssddanbrown on GitHub (Jul 3, 2023).

As per https://github.com/solidnerd/docker-bookstack/issues/406.

I think we're forcing TLS usage in scenarios which need STARTTLS to occur instead of TLS from the start.
Example case looks to be Gmail SMTP over port 587.

Need to check if there's a way to force STARTTLS to be started if MAIL_ENCRYPTION=tls/ssl.
Otherwise, option becomes somewhat redundant.

Originally created by @ssddanbrown on GitHub (Jul 3, 2023). As per https://github.com/solidnerd/docker-bookstack/issues/406. I think we're forcing TLS usage in scenarios which **_need_** STARTTLS to occur instead of TLS from the start. Example case looks to be Gmail SMTP over port 587. Need to check if there's a way to force STARTTLS to be started if `MAIL_ENCRYPTION=tls/ssl`. Otherwise, option becomes somewhat redundant.

OVERLORD added the 🐛 Bug📖 Docs Update🏭 Back-End labels 2026-02-05 07:47:44 +03:00

OVERLORD closed this issue 2026-02-05 07:47:46 +03:00

OVERLORD commented 2026-02-05 07:47:50 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 3, 2023):

No direct way to do this. Open issue on Symfony Mailer exists.
Could implement custom transport but surface area gets quite large as would end up working around/re-implementing multiple layers (Laravel Mail Manager > Transport Factory > EsmtpTransport). Can't seem to make targeted changes due to how this is built.

Do we instead just update the docs to state the new behaviour? With MAIL_ENCRYPTION=tls/ssl forcing full TLS, and STARTTLS being used wherever otherwise announced? How do we test that?
Or do we go back to MAIL_ENCRYPTION doing nothing?

Edit with Bonus option: Fork Symfony mailer temporarily until we decide what to do, offer patch upstream.

@ssddanbrown commented on GitHub (Jul 3, 2023): No direct way to do this. Open issue on [Symfony Mailer exists](https://github.com/symfony/symfony/issues/48297). Could implement custom transport but surface area gets quite large as would end up working around/re-implementing multiple layers (Laravel Mail Manager > Transport Factory > EsmtpTransport). Can't seem to make targeted changes due to how this is built. Do we instead just update the docs to state the new behaviour? With MAIL_ENCRYPTION=tls/ssl forcing full TLS, and STARTTLS being used wherever otherwise announced? How do we test that? Or do we go back to `MAIL_ENCRYPTION` doing nothing? Edit with Bonus option: Fork Symfony mailer temporarily until we decide what to do, offer patch upstream.

OVERLORD commented 2026-02-05 07:47:57 +03:00

Author

Owner

Copy Link

@MattijnP commented on GitHub (Jul 4, 2023):

Hi there, I think i might be experiencing this issue. The new update broke connection to the mail server.
My configuration is:

MAIL_PORT=587
MAIL_ENCRYPTION=tls

And the error i get when attempting a test email:

Error thrown when sending a test email:
Connection could not be established with host "ssl://***:587": stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A00010B:SSL routines::wrong version number

My email server provider mentions that STARTTLS should be selected in their documentation.
Setting the port to 465 does not work, the mail server does not expose that port.
Is there a current workaround?

@MattijnP commented on GitHub (Jul 4, 2023): Hi there, I think i might be experiencing this issue. The new update broke connection to the mail server. My configuration is: ``` MAIL_PORT=587 MAIL_ENCRYPTION=tls ``` And the error i get when attempting a test email: ``` Error thrown when sending a test email: Connection could not be established with host "ssl://***:587": stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:0A00010B:SSL routines::wrong version number ``` My email server provider mentions that STARTTLS should be selected in their documentation. Setting the port to `465` does not work, the mail server does not expose that port. Is there a current workaround?

OVERLORD commented 2026-02-05 07:47:58 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 4, 2023):

@MattijnP Setting MAIL_ENCRYPTION=null or commenting out that option with a proceeding # should act as a workaround. STARTTLS will still be used in that scenario but there's just no assurance of TLS/STARTTLS.

@ssddanbrown commented on GitHub (Jul 4, 2023): @MattijnP Setting `MAIL_ENCRYPTION=null` or commenting out that option with a proceeding `#` should act as a workaround. STARTTLS will still be used in that scenario but there's just no assurance of TLS/STARTTLS.

OVERLORD commented 2026-02-05 07:48:01 +03:00

Author

Owner

Copy Link

@MattijnP commented on GitHub (Jul 4, 2023):

Thank you for your swift reply! I was just about to comment that doing exactly that has fixed my issue.

MAIL_ENCRYPTION=null

@MattijnP commented on GitHub (Jul 4, 2023): Thank you for your swift reply! I was just about to comment that doing exactly that has fixed my issue. ``` MAIL_ENCRYPTION=null ```

OVERLORD commented 2026-02-05 07:48:06 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 4, 2023):

Tried to add custom mailer transport classes to BookStack, extending Symfony mailer where possible, but then had issues in onward testing due to hardcoded use of EsmtpTransport class, so overriding/extending would need have a very high surface area.

Went with a forked repo/package to make it easier to track changes relative to upstream. Will see if this kind of thing can be added upstream.

Changes here to be part of the next patch release.

@ssddanbrown commented on GitHub (Jul 4, 2023): Tried to add custom mailer transport classes to BookStack, extending Symfony mailer where possible, but then had issues in onward testing due to hardcoded use of `EsmtpTransport` class, so overriding/extending would need have a very high surface area. Went with a [forked repo/package](https://github.com/ssddanbrown/symfony-mailer) to make it easier to track changes relative to upstream. Will see if this kind of thing can be added upstream. Changes here to be part of the next patch release.

OVERLORD commented 2026-02-05 07:48:10 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 4, 2023):

Doc Updates

• Update docs for MAIL_ENCRYPTION to ensure they are correct with now added behaviour.
• Probably need to have another update note for this since it does represent a change in what our guidance previously said 😞

@ssddanbrown commented on GitHub (Jul 4, 2023): ### Doc Updates - [ ] Update docs for `MAIL_ENCRYPTION` to ensure they are correct with now added behaviour. - [ ] Probably need to have another update note for this since it does represent a change in what our guidance previously said :disappointed:

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 📖 Docs Update 🐛 Bug 🏭 Back-End

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3896