SMTP security - 'None' doesnt appear to work

[veehexx]

PM'd with link to files.

[ssax]

Looks like TLS1.2 is what we want based on the output.

I wonder if this is related, from /usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php:

Code: Select all

        //Allow the best TLS version(s) we can
        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;

        [b]//PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT[/b]
        //so add them back in manually if we can
        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
        }

What version of PHP are you running?

Code: Select all

su - nagios
php -v

I read this:

Constants added in PHP 5.6 :

STREAM_CRYPTO_METHOD_ANY_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_ANY_SERVER
STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
STREAM_CRYPTO_METHOD_TLSv1_1_SERVER
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER

Now, be careful because since PHP 5.6.7, STREAM_CRYPTO_METHOD_TLS_CLIENT (same for _SERVER) no longer means any tls version but tls 1.0 only (for "backward compatibility"...).

Here:

https://www.php.net/manual/en/function. ... crypto.php

[ssax]

For testing you could try the code in /usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php and changing it from this:

Code: Select all

        //Allow the best TLS version(s) we can
        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;

        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
        //so add them back in manually if we can
        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
        }

To this:

Code: Select all

        //Allow the best TLS version(s) we can
        $crypto_method = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;

        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
        //so add them back in manually if we can
       // if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
         //   $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
          //  $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
       // }

[veehexx]

php version 5.3.3

Code: Select all

#php -v
PHP 5.3.3 (cli) (built: Mar 22 2017 12:27:09)

edited /usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php and sent a test email.
nagios seems to lag out where the entire webUI attempts to load other pages but will just sit there trying to load.
it'll eventually free up after a few minutes and i get the following errors when using TLS security:

exchange 2019 logs:

2019-05-21T10:21:28.770Z,EX1\Default Frontend EX1 (:25),08D6DD1AF90B3E2B,7,exch2019_IP:25,nagiosxi_IP:37352,*,,TLS negotiation failed with error SocketError

[ssax]

Please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:

https://support.nagios.com/tickets/

[veehexx]

will do.
probably have to wait till next tuesday though. got some priority work likely going on for the next 2 days and being UK based, theres a bank holiday on Monday.

[benjaminsmith]

will do.
probably have to wait till next tuesday though. got some priority work likely going on for the next 2 days and being UK based, theres a bank holiday on Monday.

Sounds good. We'll wait for your ticket on Tuesday.

[ssax]

Locking thread, ticket received, we will continue support through the ticket.