How send email via port 587 with TLS?

trying:

import smtp, net

let ctx = newContext(protVersion = protTLSv1, verifyMode = CVerifyPeer, certFile = "mycert.pem", keyFile="mycertkey.pem")
let smtpConn = newSmtp(useSsl = false, debug=true, sslContext = ctx)
smtpConn.connect("smtp.office365.com", Port 587)
#smtpConn.connect("smtp.gmx.net", Port 587)
smtpConn.auth("***", "***")

get error: Error: unhandled exception: Expected 334 reply, got: 504 5.7.4 Unrecognized authentication type [DB6PR04CA0034.eurprd04.prod.outlook.com] [ReplyError]

for gmx.net: Error: unhandled exception: Expected 334 reply, got: 530 Must issue a STARTTLS command first [ReplyError]

2018-01-29 15:12:53
Tried with useSsl = true?
2018-01-29 15:34:04

Yes.

Then:

Error: unhandled exception: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [SslError]

exception on: smtpConn.connect("smtp.office365.com", Port 587)

2018-01-29 15:42:23
@alexsad what is your OS and which SSL library are you using? It might be that you SSL library doesn't support SSLv3 which is now deprecated and unsupported on some linux distros (e.g. I'm using archlinux and here OpenSSL is compiled without SSLv2 and SSLv3 support) 2018-01-29 18:44:38

@woggioni no, here other issue if set parameter useSsl = true in newSmtp then error raise in net.nim

when defineSsl: #in our case true!
    if socket.isSSL: #in our case true!
      # RFC3546 for SNI specifies that IP addresses are not allowed.
      if not isIpAddress(address):
        # Discard result in case OpenSSL version doesn't support SNI, or we're
        # not using TLSv1+
        discard SSL_set_tlsext_host_name(socket.sslHandle, address)
      
      let ret = SSLConnect(socket.sslHandle)
      socketError(socket, ret) #in our case here error

sorry, I don't understand this block

2018-01-30 08:48:03
Anyway that error is related to the SSL protocol version the client and the server are trying to negotiate. See here for example. I think it little nothing to do with Nim SSL wrapper, you could try to connect with curl with a command like this
curl --url 'smtps://smtp.office365.com:587' --ssl-reqd --mail-from '[email protected]' --mail-rcpt '[email protected]' --upload-file mail.txt --user '[email protected]:password' --insecure
and check if you obtain a different result
2018-01-30 20:49:00

The sending email via curl is working for me properly on the same machine.

some debug info:

...

STARTTLS < 220 2.0.0 SMTP server ready

  • successfully set certificate verify locations:
  • CAfile: none CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):

} [data not shown]

  • SSLv3, TLS handshake, Server hello (2):

{ [data not shown]

  • SSLv3, TLS handshake, CERT (11):

{ [data not shown]

  • SSLv3, TLS handshake, Server key exchange (12):

{ [data not shown]

  • SSLv3, TLS handshake, Request CERT (13):

{ [data not shown]

  • SSLv3, TLS handshake, Server finished (14):

{ [data not shown]

  • SSLv3, TLS handshake, CERT (11):

} [data not shown]

  • SSLv3, TLS handshake, Client key exchange (16):

} [data not shown]

  • SSLv3, TLS change cipher, Client hello (1):

} [data not shown]

  • SSLv3, TLS handshake, Finished (20):

} [data not shown]

  • SSLv3, TLS change cipher, Client hello (1):

{ [data not shown]

  • SSLv3, TLS handshake, Finished (20):

{ [data not shown]

  • SSL connection using ECDHE-RSA-AES256-GCM-SHA384
  • Server certificate:
  • subject: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; CN=outlook.com
  • start date: 2017-09-13 00:00:00 GMT
  • expire date: 2018-09-13 12:00:00 GMT
  • issuer: C=US; O=DigiCert Inc; CN=DigiCert Cloud Services CA-1
  • SSL certificate verify ok.

...

CURL sends the STARTTLS command to server then starting TLS negotiation proceeds.

STARTTLS doesn't exist in smtp.nim.

Also I think STARTTLS and TLS negotiation proceeds is not implemented yet in smtp nim module.

2018-01-31 12:54:17

If you see this

error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
STARTTLS has already happened and OpenSSL has already come into play since that message comes from 'ssl_err.c:665' in OpenSSL source code (the line number refers to version 1.1.0g). There must be some problem with Nim's usage of OpenSSL in the net module (which is where the library is called, you will not see it in smtp.nim)

UPDATE: I think the problem is in net.nim at line 496:

newCTX = SSL_CTX_new(SSLv23_method()) # SSlv2,3 and TLS1 support.
I suspect that, despite the comment, SSLv23_method just supports the old SSLv2 and SSLv3 protocols which are now deprecated on many servers, it should use TLSv1_method by default. Check here for documentation

2018-02-01 07:52:10

When you use SSL, you need to specify this parameter when compiling:

nim c -d:SSL xx.nim

2018-02-05 03:34:52