Re: SMTP security - 'None' doesnt appear to work

Posted: Mon May 20, 2019 3:56 am
by veehexx
PM'd with link to files.

Re: SMTP security - 'None' doesnt appear to work

Posted: Mon May 20, 2019 4:18 pm
by ssax
Looks like TLS1.2 is what we want based on the output.

I wonder if this is related, from /usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php:

Code:

        //Allow the best TLS version(s) we can
        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;

        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
        //so add them back in manually if we can
        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
        }

What version of PHP are you running?

Code:

su - nagios
php -v

I read this:
Constants added in PHP 5.6 :

STREAM_CRYPTO_METHOD_ANY_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
STREAM_CRYPTO_METHOD_ANY_SERVER
STREAM_CRYPTO_METHOD_TLSv1_0_SERVER
STREAM_CRYPTO_METHOD_TLSv1_1_SERVER
STREAM_CRYPTO_METHOD_TLSv1_2_SERVER

Now, be careful because since PHP 5.6.7, STREAM_CRYPTO_METHOD_TLS_CLIENT (same for _SERVER) no longer means any tls version but tls 1.0 only (for "backward compatibility"...).
Here:

https://www.php.net/manual/en/function. ... crypto.php

Re: SMTP security - 'None' doesnt appear to work

Posted: Mon May 20, 2019 4:21 pm
by ssax
For testing you could try changing the code in /usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php from this:

Code:

        //Allow the best TLS version(s) we can
        $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;

        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
        //so add them back in manually if we can
        if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
            $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
        }

To this:

Code:

        //Allow the best TLS version(s) we can
        $crypto_method = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;

        //PHP 5.6.7 dropped inclusion of TLS 1.1 and 1.2 in STREAM_CRYPTO_METHOD_TLS_CLIENT
        //so add them back in manually if we can
        //if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
        //    $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
        //    $crypto_method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
        //}

Re: SMTP security - 'None' doesnt appear to work

Posted: Tue May 21, 2019 5:35 am
by veehexx
PHP version 5.3.3

Code:

#php -v
PHP 5.3.3 (cli) (built: Mar 22 2017 12:27:09)

Edited /usr/local/nagiosxi/html/includes/phpmailer/class.smtp.php and sent a test email.
Nagios seems to lag out where the entire web UI attempts to load other pages but will just sit there trying to load.
It'll eventually free up after a few minutes and I get the following errors when using TLS security:

Exchange 2019 logs:
2019-05-21T10:21:28.770Z,EX1\Default Frontend EX1 (:25),08D6DD1AF90B3E2B,7,exch2019_IP:25,nagiosxi_IP:37352,*,,TLS negotiation failed with error SocketError
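
A diagnostic for the question this thread keeps circling (which TLS versions a given PHP build will actually request), as an added example that is not part of the original posts and is not Nagios XI or PHPMailer code. It reuses the mask logic from the class.smtp.php snippet quoted above and decodes the result; `build_crypto_method()` and `versions_in_mask()` are hypothetical helper names introduced here.

```php
<?php
// Added example: PHP 5.3-compatible syntax so it also runs on old installs.

// Per-version constants named in the thread; they exist only on PHP >= 5.6.
$versions = array(
    'TLS 1.0' => 'STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT',
    'TLS 1.1' => 'STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT',
    'TLS 1.2' => 'STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT',
);

// Same mask-building logic as the class.smtp.php snippet quoted above.
function build_crypto_method()
{
    $method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
    if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
        $method |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
        $method |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
    }
    return $method;
}

// Return the versions whose bits are all set in $mask, or null when this
// build defines no per-version constants and the mask cannot be decoded.
function versions_in_mask($mask, array $versions)
{
    $found = array();
    $decodable = false;
    foreach ($versions as $label => $const) {
        if (!defined($const)) {
            continue; // constant missing on this PHP version
        }
        $decodable = true;
        $bits = constant($const);
        // Compare all bits: every client constant shares the low "client" bit.
        if (($mask & $bits) === $bits) {
            $found[] = $label;
        }
    }
    return $decodable ? $found : null;
}

$mask = build_crypto_method();
$list = versions_in_mask($mask, $versions);
printf("PHP %s, crypto method mask %d\n", PHP_VERSION, $mask);
if ($list === null) {
    echo "No per-version TLS constants; STREAM_CRYPTO_METHOD_TLS_CLIENT alone picks the protocol.\n";
} else {
    echo "Versions requested: " . implode(', ', $list) . "\n";
    echo in_array('TLS 1.2', $list) ? "TLS 1.2 is requested.\n" : "TLS 1.2 is NOT requested.\n";
}
```

Run it as the same user and PHP binary the mail component uses (`su - nagios`, then `php` with the script path), since the CLI and web builds can differ.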

Re: SMTP security - 'None' doesnt appear to work

Posted: Tue May 21, 2019 2:38 pm
by ssax
Please create a ticket for this and include a link back to this forum thread so we can get a remote session set up:

https://support.nagios.com/tickets/

Re: SMTP security - 'None' doesnt appear to work

Posted: Thu May 23, 2019 3:48 am
by veehexx
Will do.
Probably have to wait till next Tuesday though. Got some priority work likely going on for the next 2 days and, being UK based, there's a bank holiday on Monday.

Re: SMTP security - 'None' doesnt appear to work

Posted: Thu May 23, 2019 4:45 pm
by benjaminsmith
veehexx wrote:
> Will do.
> Probably have to wait till next Tuesday though. Got some priority work likely going on for the next 2 days and, being UK based, there's a bank holiday on Monday.

Sounds good. We'll wait for your ticket on Tuesday.

Re: SMTP security - 'None' doesnt appear to work

Posted: Tue May 28, 2019 12:09 pm
by ssax
Locking thread, ticket received, we will continue support through the ticket.