Mon 7 Oct 2019 2:45PM

Maling Issue: SSL wrong version number

CB Charles B. Public Seen by 82

I'm new to a lots of tools here (docker, loomio, etc.) and while I nearly manage to run my loomio on my server I failed to correctly send mail with loomio.

I have installed loomio following the official documentation available here : https://github.com/loomio/loomio-deploy/
I have it set up on a server which was not running anything (yet).
I set it up to be run on a subdomain that I own (loomio.mydomain.org)
* I had a first headeack because the .env file is never read when I run the docker-compose up -d command (I manually had them to my environment).

But the issue is the following : I setup a sparkpost account and am able to send mail (tested through swaks) from the server.

But the loomio mailer always failed with this error:
> loomio-worker | Sent mail to my.email@indie.host (367.2ms)
loomio-worker | [Worker(host:ed4ede424a84 pid:7)] Job UserMailer.login (id=73) FAILED (0 prior attempts) with OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: wrong version number
loomio-worker | 2019-10-07T15:00:12+0000: [Worker(host:ed4ede424a84 pid:7)] Job UserMailer.login (id=73) FAILED (0 prior attempts) with OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: wrong version number

I read some mail And tryed some openssl commandes:
From my server:
openssl s_client -connect smtp.sparkpostmail.com:587
> CONNECTED(00000003)
> 140665815314496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 5 bytes and written 176 bytes
Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Protocol : TLSv1.2
Cipher : 0000
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1570460833
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
> ---

From the container:
docker exec -ti loomio-worker openssl s_client -connect smtp.sparkpostmail.com:587
> CONNECTED(00000003)
> 139668762641536:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 5 bytes and written 314 bytes
Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

My server have both IPV4 and IPV6 addresses but I don't know if that helps.

I'm sorry I'm kinda lost here.


Rob Guthrie Mon 7 Oct 2019 9:07PM

Hi @Charles B. can you post your loomio SMTP config?


Charles B. Tue 8 Oct 2019 8:32AM

Hello Rob, sure my SMPT config are the following:

knowing that currently the loomio instance is served on subdomain.MyDomain.org (I don't know if that does a difference)


Rob Guthrie Wed 9 Oct 2019 7:10PM

Hi @Charles B. I came across this page:


The Loomio SMTP config lives in config/application.rb and it does not have the


option. I wonder if that would help.

Actually further reading from https://guides.rubyonrails.org/action_mailer_basics.html indicates to me that it's not what the problem is.

To be clear, Loomio does not really contain any SMTP code, this is working directly with Rails, so it's likely to be a solvable issue.

Sorry - SMTP is always so tricky to work out!


Charles B. Mon 14 Oct 2019 8:39AM

Thanks for your investigation, I had a similar conclusion:
enable_starttls_auto being true by default it shouldn't be my issue.
However I'm kinda stuck here:
I have no idea where I should search for fixing that issue nor what is the exact command used by loomio to send mail.
Since I have a no knowledge about docker nor about rails, what would you recommand me to look for answers to my issue ?


Charles B. Tue 22 Oct 2019 2:06PM

I finally have drop the installation :(


Rob Guthrie Tue 22 Oct 2019 10:09PM

I'm really sorry Charles. I hope we will make this better some day, I'm just unable to work on it right now.

Thanks for trying, and for reporting the problems you found.


Charles B. Tue 22 Oct 2019 10:59PM

Hey Rob, no issue here.
I perfectly understand that :)
Just saying I going to stop trying for now and maybe I will try to resume later.

For now my believe is that it may be related to the starttls option, but am unable to test with it as my understanding of docker and ruby on rails is too shallow.

Keep up the good work out there Rob :)


Pablo Costa Mon 8 Mar 2021 11:58PM

I think this comment might have a hint about what's going on.

Running the stable container as of today (2 days old) — I'm looking at line 114 in config/application.rb and there is indeed a way to set the "verify mode" from an environment variable, but it defaults to 'none'.
config.action_mailer.smtp_settings = {
address: ENV['SMTP_SERVER'],
port: ENV['SMTP_PORT'],
authentication: ENV['SMTP_AUTH'],
user_name: ENV['SMTP_USERNAME'],
password: ENV['SMTP_PASSWORD'],
domain: ENV['SMTP_DOMAIN'],
openssl_verify_mode: ENV.fetch('SMTP_SSL_VERIFY_MODE', 'none')

I guess the "proper" way to configure SMTP would involve providing the ca_file or ca_path, or actually disabling the check.

Trying to reach the lower hanging fruit, I comment out the SMTP_USE_SSL variable in the env file, but I think Loomio is still attempting to use STARTTLS.

I would like to try setting enable_starttls_auto: false in the smtp_settings above but I don't know how to "restart" the application without killing the container :P

@robertguthrie do you think these parameters would be worthy of having its own variables in the env file? I'm afraid I don't have the base knowledge to change the source code and build a custom loomio container.


Rob Guthrie Tue 9 Mar 2021 11:30PM

I think the problem is you're not restarting properly, you need to destroy the container to have new environment variables take place.

All Loomio config and data lives outside the containers so you can do docker-compose down and up safely.


John Benedetto Thu 21 Jul 2022 1:28AM

I think what he means is how can you change the ruby configuration files (i.e. application.rb) and have the changes take effect? I would like to try changing parameters in that file to try and solve this problem. Is there a way to implement changes made to the loomio .rb files, within the container?


Rob Guthrie Thu 21 Jul 2022 10:37AM

Hi John, it's not easy to do that - however, if there are any config settings you'd like to be able to change but cannot, let me know, I'll add env support for them.

Here's the documentation for configuring SMTP in rails: https://guides.rubyonrails.org/v6.1/action_mailer_basics.html


John Benedetto Wed 20 Jul 2022 10:31PM

I am having the same problem as described in this post. I am able to SMTP authenticate by entering the container and connecting via openssl. Below are my SMTP settings and the error message received:

.env SMTP Settings:


loomio-worker error message:

"SSL_connect returned=1 errno=0 state=error: wrong version number","error_class":"OpenSSL::SSL::SSLError"

Any advice would be appreciated.


Rob Guthrie Thu 21 Jul 2022 10:33AM

Hi John. I've had a little search around, and I wonder if this is helpful:


If the problem is that office365 requires SMTP_USERNAME needs to be the same as the "from", then set NOTIFICATIONS_EMAIL_ADDRESS to the same value as SMTP_USERNAME in your env.

You could also try setting SMTP_SSL_VERIFY_MODE to one of: none, peer, client_once, fail_if_no_peer_cert


Rob Guthrie Thu 21 Jul 2022 10:39AM

Oh, this is interesting too: https://gist.github.com/Godoy/4648243