pentacent / keila

Open Source Newsletter Tool.
https://keila.io
GNU Affero General Public License v3.0

SMTP sending fails: TLS Fatal - Handshake Failure #283

Closed CodeOfTim closed 2 months ago

CodeOfTim commented 2 months ago

Hi :wave:

I am trying to send a campaign with a self hosted version of Keila but I always get this error:

11:15:37.224 [notice] TLS :client: In state :hello received SERVER ALERT: Fatal - Handshake Failure

This is the sender config:

image

Note that using a Python mail client I can connect using STARTTLS port 25.

Also I can run

apk add openssl
openssl s_client -connect ebr.bayer.com:25 -starttls smtp

in the Keila docker container and it connects successfully.

I tested this on pentacent/keila:0.14 and pentacent/keila:0.12.8. Also, other mail endpoints seem to be working fine in Keila.

Can you help me figure out if this is a problem with Keila? Thank you for any help!

wmnnd commented 2 months ago

Hey there, thanks for reporting this issue! Would you feel comfortable sharing a set of credentials on this server with me for further debugging? You can send an email to hello [at] keila [dot] io.

wmnnd commented 2 months ago

Upon taking a closer look, I finally figured out what the issue was:

Keila used :tls_certificate_check.options/1 to specify the :tls_options in the SMTP Swoosh config. Swoosh normally defaults :tls_options to [versions: [:"tlsv1", :"tlsv1.1", :"tlsv1.2"]] - and the :versions keyword was missing from what tls_certificate_check.options/1 produced.

This caused the error TLS client: In state hello at tls_record.erl:561 generated CLIENT ALERT: Fatal - Unexpected Message\n {unsupported_record_type,50

Since tls_options and sockopts are eventually merged by Swoosh/gen_smtp, we now put the results of :tls_certificate_check.options/1 into sockopts, thus keeping the default tls_options with the versions keyword intact.

The fix is now available in Keila 0.14.1.
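
The option handling described in the last comment, as an added example that is not part of the original thread and is not Keila, Swoosh or gen_smtp code. It is a simplified model: the module, its functions, the host name and the certificate-check values are all hypothetical or constructed, and only the default version list is taken from the comment.

```elixir
# Added example: simplified model of the behaviour described in the thread.
# All names here are hypothetical; this does not call Swoosh or gen_smtp.
defmodule TlsOptsModel do
  # Default :tls_options as quoted in the maintainer's comment.
  @default_tls_options [versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"]]

  # Stand-in for a certificate-check helper: it returns verification
  # settings only and no :versions key (constructed values).
  def cert_check_options(host) do
    [
      verify: :verify_peer,
      depth: 100,
      server_name_indication: String.to_charlist(host)
    ]
  end

  # Model: a caller-supplied :tls_options replaces the default list
  # wholesale; sockopts and tls_options are then merged into one list.
  def effective_tls_options(config) do
    tls_options = Keyword.get(config, :tls_options, @default_tls_options)
    sockopts = Keyword.get(config, :sockopts, [])
    Keyword.merge(sockopts, tls_options)
  end

  # Deployment check: does the merged list still carry an explicit
  # version list, and is peer verification still enabled?
  def audit(config) do
    opts = effective_tls_options(config)

    %{
      versions: Keyword.get(opts, :versions, :missing),
      verify: Keyword.get(opts, :verify, :missing)
    }
  end
end

host = "smtp.example.test" # constructed host name

# Before the fix: certificate-check output passed as :tls_options,
# which drops the default :versions entry.
before_fix = [relay: host, tls: :always, tls_options: TlsOptsModel.cert_check_options(host)]

# After the fix: the same output passed as :sockopts, so the default
# :tls_options (with :versions) survives the merge.
after_fix = [relay: host, tls: :always, sockopts: TlsOptsModel.cert_check_options(host)]

IO.inspect(TlsOptsModel.audit(before_fix), label: "before fix")
IO.inspect(TlsOptsModel.audit(after_fix), label: "after fix")
```

In both configurations peer verification stays enabled; the audit differs only in whether the `:versions` entry is still present.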