[GH-ISSUE #267] Use TLS checkbox for SMTP server can be confusing #229

Closed
opened 2026-02-25 21:34:30 +03:00 by kerem · 6 comments

Originally created by @dominic-p on GitHub (Mar 13, 2018).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/267

Originally assigned to: @jasonmunro on GitHub.

Having just spent a few hours pulling out my hair, I realized that I didn't understand what the Use TLS checkbox meant for an SMTP server.

I am connecting to postfix using submission (on port 587) which expects a STARTTLS transaction. In order for this to work you have to _uncheck_ the Use TLS checkbox. This was counter-intuitive to me (I want to use STARTTLS so I should uncheck Use TLS). I definitely didn't want to connect unencrypted, so I thought my only option was to check the box. I didn't realize that when the checkbox is unchecked Cypht will automatically try STARTTLS if it is available.

After figuring this out, I found the [explanation here](https://github.com/jasonmunro/cypht/issues/111#issuecomment-320008863), but it would have been awesome if there was a little blurb in the UI explaining that "Use TLS" must be disabled if you want to use STARTTLS.

For anyone else that runs into this, when I was attempting to connect to my postfix SMTP server on port 587 with the Use TLS checkbox on I got a super helpful `SSL3_GET_RECORD:wrong version number` error in my PHP logs (after I enabled Cypht debug mode and removed the [error suppression](https://github.com/jasonmunro/cypht/blob/e862bac44606c5f13f26a46a293a9f24be147900/lib/framework.php#L184) from the `stream_socket_client` call...why swallow errors there?).

When examining the postfix logs I saw messages about lost client after UNKNOWN. It looks like after postfix sends the banner message, PHP sends something that can't be understood (not the expected EHLO) which is rendered as `???` in the logs.

Don't take this as a rant. I really like the software. I just wanted to post this to help anyone else that thinks like me. :)
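
The two connection modes discussed in this issue, modelled offline as an added example (not Cypht's code and not part of the original post). The mode names `tls` and `starttls`, the `allow_plaintext` flag and the sample server replies are constructed assumptions; the point is what each mode does when the server's first bytes are a plaintext `220` banner rather than a TLS record.

```python
# Added example, not Cypht code. Mode names and allow_plaintext are assumptions.
# Constructed sample server replies:
BANNER = b"220 mail.example.test ESMTP Postfix\r\n"
EHLO_OK = "250-mail.example.test\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mail.example.test\r\n250-PIPELINING\r\n250 8BITMIME\r\n"

def looks_like_tls_record(data: bytes) -> bool:
    """True if data starts with a TLS alert/handshake record header (version 3.x)."""
    return len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03

def ehlo_extensions(reply: str) -> set:
    """Extension keywords advertised in a multi-line 250 EHLO reply."""
    exts = set()
    for line in reply.splitlines()[1:]:      # first line is the server greeting
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words:
                exts.add(words[0].upper())
    return exts

def plan(mode, server_first_bytes, ehlo_reply="", allow_plaintext=False):
    """Outcome of a connection attempt given the first bytes the server sends back."""
    banner = server_first_bytes.startswith(b"220")
    if mode == "tls":
        # Implicit TLS: the client sends a ClientHello at once and expects a
        # TLS record in return. A plaintext server cannot parse the ClientHello
        # and the client cannot parse the banner as a record header.
        if looks_like_tls_record(server_first_bytes):
            return "tls-handshake"
        if banner:
            return "fail: plaintext banner read as TLS record (wrong version number)"
        return "fail: unrecognised response"
    if mode == "starttls":
        if not banner:
            return "fail: no SMTP banner (server may expect implicit TLS)"
        if "STARTTLS" in ehlo_extensions(ehlo_reply):
            return "starttls-upgrade"
        # Falling back silently would send credentials in the clear.
        return "plaintext" if allow_plaintext else "fail: STARTTLS not offered"
    raise ValueError(f"unknown mode: {mode}")
```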


@jasonmunro commented on GitHub (Mar 13, 2018):

Thanks for the feedback! I absolutely agree we need to do something to make this more clear. I will let you know when I commit a solution.


@dumblob commented on GitHub (Mar 14, 2018):

Maybe just change `Use TLS` to `Require TLS (STARTTLS is not enough)`.


@dominic-p commented on GitHub (Mar 14, 2018):

Or, maybe instead of a checkbox it could be a radio?

```
o Require TLS
o Attempt STARTTLS (fallback to unencrypted)
```

@jasonmunro commented on GitHub (Mar 14, 2018):

Changed to radios:

```
o Use TLS
o STARTTLS or unencrypted
```

@Yamakasi commented on GitHub (Mar 14, 2018):

Good fix, I read about this yesterday and was thinking what would be the best idea indeed. I think this could be it.


@jasonmunro commented on GitHub (Apr 15, 2018):

This is fixed in the master branch. Thanks again for the feedback!
