There is a error on send any email via SMTP over TLS port 465. Unsecure over port 25 works. The same secrets work on other clients, thunderbird, fritzbox-router within TLS.
some logs over SMTP_DEBUG
[2022-01-06 17:06:06.335][vaultwarden::mail][DEBUG] SMTP lettre::transport::smtp::Error {
kind: Connection,
source: Failure(
Ssl(
Error {
code: ErrorCode(
1,
),
cause: Some(
Ssl(
ErrorStack(
[
Error {
code: 337260938,
library: “SSL routines”,
function: “tls_process_ske_dhe”,
reason: “dh key too small”,
file: “…/ssl/statem/statem_clnt.c”,
line: 2150,
…
X509VerifyResult {
code: 18,
error: “self signed certificate”,
…
[2022-01-06 17:06:06.336][vaultwarden::mail][ERROR] SMTP Connection error: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:…/ssl/statem/statem_clnt.c:2150: (self signed certificate)
[2022-01-06 17:06:06.337][response][INFO] POST /admin/test/smtp (test_smtp) => 400 Bad Request
I was renew the cert from the email-server, unfortunately no improvement.
Please help me to analyse and solve the issue.
Self signed certs could cause issues.
If it is not possible to generate a valid cert than either disable ssl/tls or disable certificate checking.
See vaultwarden/.env.template at main · dani-garcia/vaultwarden · GitHub
Thank you for the message.
Unfortunately I have no success with the option [Accept Invalid Certs].
I was tested all combinations.
In my opinion the options don’t work properly.
Btw, other software, docker container works fine within ssl options.
Now, it’s possible to report this issue as a bug to the developer?
Best Regards, WR
Looking at the reported message again, it also reports DH Key too small.
So the SMTP server is using a very small DH Key for the SSL Encryption., in that case only ignoring the Self Signed Certificate will not work.
Reporting a bug regarding this to Vaultwarden will not work, since we can’t fix that.
There are some workarounds to still allow small DH key’s: How to resolve the issue "DH key too small" - IMLC.ME
But i do not recommend to apply that, nor am i willing to build something in into the Vaultwarden images to allow this as this could pose a security risk.
My suggestion is to increase the DH Key of your SMTP server which will be beneficial for all application regarding the security that connect to this SMTP Server.