SMTP SSL Error "Could not encrypt connection" #687

New Issue

Closed

opened 2026-02-04 22:13:30 +03:00 by OVERLORD · 6 comments

OVERLORD commented 2026-02-04 22:13:30 +03:00

Owner

Copy Link

Originally created by @davidus05 on GitHub (Apr 15, 2020).

SMTP SSL Error "Could not encrypt connection"

Some days ago I generated a new SSL certificate with Let's Encrypt for our exchange server. I use it to connect via SMTP to send mails from bitwarden_rs. Now I wanted to log in to the vault on the Android app, but this doesn't work, because: "Could not send login notification email. Please contact your administrator.

Then I saw that sending emails in general does not work anymore.

Your environment

• Bitwarden_rs version: 1.14.2

• Install method: Docker image
• Clients used: Android
• Other relevant information: It worked before I generated the new SSL certifiate

Steps to reproduce

1. Configure SMTP email settings
2. Send SMTP test mail

Expected behaviour

I should get an email.

Actual behaviour

Sending an email did not work.

Relevant logs

[2020-04-15 20:32:12][request][INFO] POST /admin/test/smtp/
[2020-04-15 20:32:12][lettre::smtp][INFO] connection established to *******:587
[2020-04-15 20:32:12][error][ERROR] LetreErr.
[CAUSE] Client(
"Could not encrypt connection, aborting",
)

How to solve this problem or is there a way to ignore the certificate like in Bitwarden orig: (https://github.com/bitwarden/server/issues/451)

Originally created by @davidus05 on GitHub (Apr 15, 2020). <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unneccessary for your issue, feel free to remove them. Remember to hide/obfuscate personal and confidential information, such as names, global IP/DNS adresses and especially passwords, if neccessary. --> ### SMTP SSL Error "Could not encrypt connection" Some days ago I generated a new SSL certificate with Let's Encrypt for our exchange server. I use it to connect via SMTP to send mails from bitwarden_rs. Now I wanted to log in to the vault on the Android app, but this doesn't work, because: "Could not send login notification email. Please contact your administrator. Then I saw that sending emails in general does not work anymore. ### Your environment <!-- The version number, obtained from the logs or the admin page --> * Bitwarden_rs version: 1.14.2 <!-- How the server was installed: Docker image / package / built from source --> * Install method: Docker image * Clients used: <!-- if applicable --> Android * Other relevant information: It worked before I generated the new SSL certifiate ### Steps to reproduce 1. Configure SMTP email settings 2. Send SMTP test mail ### Expected behaviour I should get an email. ### Actual behaviour Sending an email did not work. ### Relevant logs [2020-04-15 20:32:12][request][INFO] POST /admin/test/smtp/ [2020-04-15 20:32:12][lettre::smtp][INFO] connection established to *******:587 [2020-04-15 20:32:12][error][ERROR] LetreErr. [CAUSE] Client( "Could not encrypt connection, aborting", ) How to solve this problem or is there a way to ignore the certificate like in Bitwarden orig: (https://github.com/bitwarden/server/issues/451)

OVERLORD closed this issue 2026-02-04 22:13:33 +03:00

OVERLORD commented 2026-02-04 22:13:43 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jun 4, 2020):

Do you use a self generated SSL Certificate?
What happens if you try executing:

openssl s_client -connect my-email-server.com:587

That should report with a certificate, but i doubt that it will on port 587, since that is by default a submission port which normally uses starttls instead of ssl.

For example, GMail uses SSL and that works using:

openssl s_client -connect smtp.gmail.com:465

@BlackDex commented on GitHub (Jun 4, 2020): Do you use a self generated SSL Certificate? What happens if you try executing: ```bash openssl s_client -connect my-email-server.com:587 ``` That should report with a certificate, but i doubt that it will on port 587, since that is by default a submission port which normally uses starttls instead of ssl. For example, GMail uses SSL and that works using: ```bash openssl s_client -connect smtp.gmail.com:465 ```

OVERLORD commented 2026-02-04 22:13:46 +03:00

Author

Owner

Copy Link

@davidus05 commented on GitHub (Jun 7, 2020):

Hey, thanks for your reply!
The first command gives following output:

CONNECTED(00000003)
139665375049088:error:1408F10B:SSL routines:ssl3_get_record:wrong version number                                                                                                                                                             :../ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1591552629
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

The second command:

CONNECTED(00000003)
140312739898752:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1591552747
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

@davidus05 commented on GitHub (Jun 7, 2020): Hey, thanks for your reply! _The first command gives following output:_ ``` CONNECTED(00000003) 139665375049088:error:1408F10B:SSL routines:ssl3_get_record:wrong version number :../ssl/record/ssl3_record.c:252: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 5 bytes and written 176 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1591552629 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- ``` _The second command:_ ``` CONNECTED(00000003) 140312739898752:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 5 bytes and written 176 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1591552747 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- ```

OVERLORD commented 2026-02-04 22:13:47 +03:00

Author

Owner

Copy Link

@MichZipp commented on GitHub (Aug 27, 2020):

@davidus05 I currently have the same issue, did you solve it in the meantime?

@MichZipp commented on GitHub (Aug 27, 2020): @davidus05 I currently have the same issue, did you solve it in the meantime?

OVERLORD commented 2026-02-04 22:13:49 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Sep 23, 2020):

@davidus05 & @MichZipp could you both try again with the latest testing image from docker? There are several items changed regarding emails maybe they fixed your issues.

@BlackDex commented on GitHub (Sep 23, 2020): @davidus05 & @MichZipp could you both try again with the latest testing image from docker? There are several items changed regarding emails maybe they fixed your issues.

OVERLORD commented 2026-02-04 22:13:55 +03:00

Author

Owner

Copy Link

@MichZipp commented on GitHub (Sep 23, 2020):

@BlackDex Issue is fixed, thanks a lot!

@MichZipp commented on GitHub (Sep 23, 2020): @BlackDex Issue is fixed, thanks a lot!

OVERLORD commented 2026-02-04 22:13:57 +03:00

Author

Owner

Copy Link

@siddjellali commented on GitHub (Mar 19, 2021):

Hi,

It seems the same issue appears again... Anyone Else has the issue ?

root@a38bd1710df0:/# openssl s_client -connect smtp.gmail.com:465
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
   i:C = US, O = Google Trust Services, CN = GTS CA 1O1
 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
   i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgIQVaARneYUhJ4FAAAAAId/fDANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw
EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIxMDIyMzE1NDEyOFoXDTIxMDUxODE1NDEy
N1owaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFzAVBgNVBAMTDnNt
dHAuZ21haWwuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz5t6F4A0l3nC
l+KAgd1NdLXCIU8oAmMPijon/g68gFbsViPZSlWXhrArCnqNlUT8GbEdcFj9icKy
Bu3w4fRliqOCAlswggJXMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF
BQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRB4vZADwgT77UkdUlSQWDDbHLj
0DAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBoBggrBgEFBQcBAQRc
MFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0czFvMWNvcmUw
KwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwGQYD
VR0RBBIwEIIOc210cC5nbWFpbC5jb20wIQYDVR0gBBowGDAIBgZngQwBAgIwDAYK
KwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnBraS5nb29n
L0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUAfT7y+I//
iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF3z8RgtAAABAMARjBEAiBMVvzP
0VlhlUAQ2xdmgelVJRUkQQKQ3eU8JKrqC99TjwIgDvuhxAo6uoH6AjiI1/CDvcpN
OANtGlBm5FX5SabqwfcAdgBElGUusO7Or8RAB9io/ijA2uaCvtjLMbU/0zOWtbaB
qAAAAXfPxGGoAAAEAwBHMEUCIQD7FFCH3J3+yer1NThMYgOOGNqYEyoo1uHHTwiU
HF1L8AIgfdngbodie3HDo0nx0n0JFPsEDvCx3j6AuPc8ACjZ9hgwDQYJKoZIhvcN
AQELBQADggEBAB7fhKIaCwxGFROxc7mI2ZZHd0WYp0BWKEUqc7P3Khmr2skJ17bn
vdmAI4SNwrVgLkVJyLUfwf9N2i1xRsymZGvonxwjSSlqjvuBJkwnMsnQxsCNXGNU
UB9C1T/4EygpoeL9ed9912KsiHuaJE4Kkqobl0/TnDqzLY2IXyR3CMhLnbSzTxTu
nlYB6n+CScYhnywHPnR89XW0i8RgcBHU6JIRdn0QyOxMQ8Yz3Xg56uPHkaXTIwLq
o1BgdkkdUvlz4+13dqywVfl0FPkKDuYZ5dvcB7lAM84Fzot824BjoFGBVum5iaQi
qU3C697yW0MvW+HRVM4CPirCZggWbiVru3Q=
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com

issuer=C = US, O = Google Trust Services, CN = GTS CA 1O1

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2638 bytes and written 386 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: D1611E0C63D459F95D3E0F04C935A053E024AB82080A08DFDE9D1FD91493F89C
    Session-ID-ctx: 
    Resumption PSK: ABDB4DE7644B6C8BB45E59C3BBAA14BDE7E37BF083B011014ECBE6E233C2172AC19BC86ED51118830CFCD5DF5209515C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 172800 (seconds)
    TLS session ticket:
    0000 - 01 41 e6 ab cb f9 5b fe-76 79 f3 e5 73 ad 10 d8   .A....[.vy..s...
    0010 - 1e 68 fb d9 56 fa 61 2f-1b 0c d0 7d 2c 9e b8 0b   .h..V.a/...},...
    0020 - cc e1 be a2 3f 36 92 93-df b2 20 12 0a f9 18 4b   ....?6.... ....K
    0030 - 4d 01 c2 60 41 4e 68 5c-d3 d6 21 cb b2 62 8c bf   M..`ANh\..!..b..
    0040 - 3b 4b 10 cb 25 d8 a4 77-34 d2 a8 ae f3 33 7e 3d   ;K..%..w4....3~=
    0050 - e2 f3 cf 71 01 1d bc e8-5e 4e 11 b3 5c 2a 3a bb   ...q....^N..\*:.
    0060 - 5b cc 93 b2 4c 46 e8 df-9d ee 37 d4 c9 a4 7f 84   [...LF....7.....
    0070 - 3b d4 98 3a ae 41 40 d1-56 cb 56 26 58 30 62 20   ;..:.A@.V.V&X0b 
    0080 - 63 f1 ad 91 7f 91 2d 59-0d f9 c5 ba 85 02 88 04   c.....-Y........
    0090 - b1 29 e6 00 67 c0 50 e8-36 e6 ac 1a 2c b0 69 94   .)..g.P.6...,.i.
    00a0 - b2 cd 79 65 29 5a 6f 32-2e 5a 4a 15 6d 26 48 09   ..ye)Zo2.ZJ.m&H.
    00b0 - 3a 93 99 b3 25 45 b4 25-2d d3 26 5d c4 44 3c 79   :...%E.%-.&].D<y
    00c0 - 00 72 06 6d 80 e3 89 c7-49 47 48 d0 a5 1e 4d dc   .r.m....IGH...M.
    00d0 - 0f 11 49 2f 34 53 76 db-d5 de 13 65 9d 60 1c 94   ..I/4Sv....e.`..
    00e0 - 4f 05 3d fd 2f bd 2c fe-1f 09 e8 63               O.=./.,....c

    Start Time: 1616150180
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 6C7BD7A939C1D185FF08B3503A9C2F534F4D9541E652494EAB2DDC687924B316
    Session-ID-ctx: 
    Resumption PSK: 443EDBAE67C3D510E2F5EB2870D099A720496B623269C5AA2CB1F166C97DDF9F9341EFD22336EB56514564DE59B084D2
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 172800 (seconds)
    TLS session ticket:
    0000 - 01 41 e6 ab cb f9 5b fe-76 79 f3 e5 73 ad 10 d8   .A....[.vy..s...
    0010 - 02 d4 39 70 ea 0d d4 e5-7f c4 7f 9e e2 54 bc e2   ..9p.........T..
    0020 - 45 08 99 49 91 e0 00 41-43 53 d8 fb 9b 36 c2 1d   E..I...ACS...6..
    0030 - f6 c6 b3 90 9c d5 84 99-72 62 91 6a d6 1c 6f d6   ........rb.j..o.
    0040 - dc 85 82 34 4d 5d 34 58-b7 99 ee bc 31 d2 88 0d   ...4M]4X....1...
    0050 - a4 11 e6 9d fe fa 4f d1-52 16 81 08 4f a1 05 88   ......O.R...O...
    0060 - 74 db 0a 50 71 09 fc 2a-5c 8c 20 05 16 95 cf e0   t..Pq..*\. .....
    0070 - 3d f5 06 9c 6e 5f 54 67-65 df 07 1f 4e ea d9 e2   =...n_Tge...N...
    0080 - b5 78 5f 61 3f a8 08 64-cb 06 4f 35 cc 83 d2 b4   .x_a?..d..O5....
    0090 - 8a 2f 50 76 3b 95 37 b2-d9 aa 29 21 4e 01 3e ca   ./Pv;.7...)!N.>.
    00a0 - 49 fc bb 4d 13 ef 9b c5-37 31 2b 5a b7 74 e8 54   I..M....71+Z.t.T
    00b0 - ee c0 bd 3b d6 7c 73 a8-0e 2b 36 db f4 23 c5 e3   ...;.|s..+6..#..
    00c0 - 3d 57 93 a2 5b 08 e0 a4-b0 50 5f 1b ce 0e 3a a6   =W..[....P_...:.
    00d0 - 42 14 39 8c 8a f0 90 88-64 c9 38 29 67 c6 1f 8a   B.9.....d.8)g...
    00e0 - 0d 58 f5 15 01 04 2d 9f-4a 82 cd a8               .X....-.J...

    Start Time: 1616150180
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
220 smtp.gmail.com ESMTP c2sm5805947wme.15 - gsmtp
^C
root@a38bd1710df0:/# openssl s_client -connect smtp.gmail.com:587
CONNECTED(00000003)
140235754124416:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 306 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

@siddjellali commented on GitHub (Mar 19, 2021): Hi, It seems the same issue appears again... Anyone Else has the issue ? ``` root@a38bd1710df0:/# openssl s_client -connect smtp.gmail.com:465 CONNECTED(00000003) depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign verify return:1 depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com verify return:1 --- Certificate chain 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com i:C = US, O = Google Trust Services, CN = GTS CA 1O1 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign --- Server certificate -----BEGIN CERTIFICATE----- MIIExjCCA66gAwIBAgIQVaARneYUhJ4FAAAAAId/fDANBgkqhkiG9w0BAQsFADBC MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIxMDIyMzE1NDEyOFoXDTIxMDUxODE1NDEy N1owaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFzAVBgNVBAMTDnNt dHAuZ21haWwuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz5t6F4A0l3nC l+KAgd1NdLXCIU8oAmMPijon/g68gFbsViPZSlWXhrArCnqNlUT8GbEdcFj9icKy Bu3w4fRliqOCAlswggJXMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF BQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRB4vZADwgT77UkdUlSQWDDbHLj 0DAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBoBggrBgEFBQcBAQRc MFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0czFvMWNvcmUw KwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwGQYD VR0RBBIwEIIOc210cC5nbWFpbC5jb20wIQYDVR0gBBowGDAIBgZngQwBAgIwDAYK KwYBBAHWeQIFAzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnBraS5nb29n L0dUUzFPMWNvcmUuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUAfT7y+I// iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF3z8RgtAAABAMARjBEAiBMVvzP 0VlhlUAQ2xdmgelVJRUkQQKQ3eU8JKrqC99TjwIgDvuhxAo6uoH6AjiI1/CDvcpN OANtGlBm5FX5SabqwfcAdgBElGUusO7Or8RAB9io/ijA2uaCvtjLMbU/0zOWtbaB qAAAAXfPxGGoAAAEAwBHMEUCIQD7FFCH3J3+yer1NThMYgOOGNqYEyoo1uHHTwiU HF1L8AIgfdngbodie3HDo0nx0n0JFPsEDvCx3j6AuPc8ACjZ9hgwDQYJKoZIhvcN AQELBQADggEBAB7fhKIaCwxGFROxc7mI2ZZHd0WYp0BWKEUqc7P3Khmr2skJ17bn vdmAI4SNwrVgLkVJyLUfwf9N2i1xRsymZGvonxwjSSlqjvuBJkwnMsnQxsCNXGNU UB9C1T/4EygpoeL9ed9912KsiHuaJE4Kkqobl0/TnDqzLY2IXyR3CMhLnbSzTxTu nlYB6n+CScYhnywHPnR89XW0i8RgcBHU6JIRdn0QyOxMQ8Yz3Xg56uPHkaXTIwLq o1BgdkkdUvlz4+13dqywVfl0FPkKDuYZ5dvcB7lAM84Fzot824BjoFGBVum5iaQi qU3C697yW0MvW+HRVM4CPirCZggWbiVru3Q= -----END CERTIFICATE----- subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com issuer=C = US, O = Google Trust Services, CN = GTS CA 1O1 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 2638 bytes and written 386 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: D1611E0C63D459F95D3E0F04C935A053E024AB82080A08DFDE9D1FD91493F89C Session-ID-ctx: Resumption PSK: ABDB4DE7644B6C8BB45E59C3BBAA14BDE7E37BF083B011014ECBE6E233C2172AC19BC86ED51118830CFCD5DF5209515C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 172800 (seconds) TLS session ticket: 0000 - 01 41 e6 ab cb f9 5b fe-76 79 f3 e5 73 ad 10 d8 .A....[.vy..s... 0010 - 1e 68 fb d9 56 fa 61 2f-1b 0c d0 7d 2c 9e b8 0b .h..V.a/...},... 0020 - cc e1 be a2 3f 36 92 93-df b2 20 12 0a f9 18 4b ....?6.... ....K 0030 - 4d 01 c2 60 41 4e 68 5c-d3 d6 21 cb b2 62 8c bf M..`ANh\..!..b.. 0040 - 3b 4b 10 cb 25 d8 a4 77-34 d2 a8 ae f3 33 7e 3d ;K..%..w4....3~= 0050 - e2 f3 cf 71 01 1d bc e8-5e 4e 11 b3 5c 2a 3a bb ...q....^N..\*:. 0060 - 5b cc 93 b2 4c 46 e8 df-9d ee 37 d4 c9 a4 7f 84 [...LF....7..... 0070 - 3b d4 98 3a ae 41 40 d1-56 cb 56 26 58 30 62 20 ;..:.A@.V.V&X0b 0080 - 63 f1 ad 91 7f 91 2d 59-0d f9 c5 ba 85 02 88 04 c.....-Y........ 0090 - b1 29 e6 00 67 c0 50 e8-36 e6 ac 1a 2c b0 69 94 .)..g.P.6...,.i. 00a0 - b2 cd 79 65 29 5a 6f 32-2e 5a 4a 15 6d 26 48 09 ..ye)Zo2.ZJ.m&H. 00b0 - 3a 93 99 b3 25 45 b4 25-2d d3 26 5d c4 44 3c 79 :...%E.%-.&].D<y 00c0 - 00 72 06 6d 80 e3 89 c7-49 47 48 d0 a5 1e 4d dc .r.m....IGH...M. 00d0 - 0f 11 49 2f 34 53 76 db-d5 de 13 65 9d 60 1c 94 ..I/4Sv....e.`.. 00e0 - 4f 05 3d fd 2f bd 2c fe-1f 09 e8 63 O.=./.,....c Start Time: 1616150180 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6C7BD7A939C1D185FF08B3503A9C2F534F4D9541E652494EAB2DDC687924B316 Session-ID-ctx: Resumption PSK: 443EDBAE67C3D510E2F5EB2870D099A720496B623269C5AA2CB1F166C97DDF9F9341EFD22336EB56514564DE59B084D2 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 172800 (seconds) TLS session ticket: 0000 - 01 41 e6 ab cb f9 5b fe-76 79 f3 e5 73 ad 10 d8 .A....[.vy..s... 0010 - 02 d4 39 70 ea 0d d4 e5-7f c4 7f 9e e2 54 bc e2 ..9p.........T.. 0020 - 45 08 99 49 91 e0 00 41-43 53 d8 fb 9b 36 c2 1d E..I...ACS...6.. 0030 - f6 c6 b3 90 9c d5 84 99-72 62 91 6a d6 1c 6f d6 ........rb.j..o. 0040 - dc 85 82 34 4d 5d 34 58-b7 99 ee bc 31 d2 88 0d ...4M]4X....1... 0050 - a4 11 e6 9d fe fa 4f d1-52 16 81 08 4f a1 05 88 ......O.R...O... 0060 - 74 db 0a 50 71 09 fc 2a-5c 8c 20 05 16 95 cf e0 t..Pq..*\. ..... 0070 - 3d f5 06 9c 6e 5f 54 67-65 df 07 1f 4e ea d9 e2 =...n_Tge...N... 0080 - b5 78 5f 61 3f a8 08 64-cb 06 4f 35 cc 83 d2 b4 .x_a?..d..O5.... 0090 - 8a 2f 50 76 3b 95 37 b2-d9 aa 29 21 4e 01 3e ca ./Pv;.7...)!N.>. 00a0 - 49 fc bb 4d 13 ef 9b c5-37 31 2b 5a b7 74 e8 54 I..M....71+Z.t.T 00b0 - ee c0 bd 3b d6 7c 73 a8-0e 2b 36 db f4 23 c5 e3 ...;.|s..+6..#.. 00c0 - 3d 57 93 a2 5b 08 e0 a4-b0 50 5f 1b ce 0e 3a a6 =W..[....P_...:. 00d0 - 42 14 39 8c 8a f0 90 88-64 c9 38 29 67 c6 1f 8a B.9.....d.8)g... 00e0 - 0d 58 f5 15 01 04 2d 9f-4a 82 cd a8 .X....-.J... Start Time: 1616150180 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK 220 smtp.gmail.com ESMTP c2sm5805947wme.15 - gsmtp ^C root@a38bd1710df0:/# openssl s_client -connect smtp.gmail.com:587 CONNECTED(00000003) 140235754124416:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 5 bytes and written 306 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- ```

OVERLORD referenced this issue 2026-02-05 04:55:40 +03:00

[PR #701] [MERGED] Trying to fix issue #687 #2754

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#687