TLS 1.2 - Error: EHLO not accepted from server!

Jasperz wrote: ↑

Wed May 10, 2023 1:53 am

Hi folks,

I know that this has been asked a couple times on this forum, but none of the solutions provided worked for me.

The issue:
We have an OpenCart v3.0.2.0 running. Today, our hoster has disabled the TLS 1.0 and 1.1 versions. Since then, every time we do something on our OpenCart that triggers and email (registering a new account, finishing an order) fails and results in this message:

Code: Select all

Fatal error: Uncaught exception 'Exception' with message 'Error: EHLO not accepted from server!' in /var/www/vhosts/join-together.de/shop.join-together.de/system/library/mail/smtp.php:157 

As far as I understand, this has to do with the email settings in open cart (see the screenshot attached for more details).
I've tried removing the tls://, changing it to ssl:// (and changing the port to 465 of course), nothing works. Also tried forcing .php with the "curl_setopt($curl, CURLOPT_SSLVERSION, 6);".

What does work is changing the SMTP to php.Mail (the first dropdown). However, Google rejects emails that have been send this way (because they're lacking DKIM or SPF authentication).

Had anyone this issue before and knows how to fix it? What do I need to change in order to make email work again (preferrably the smtp version)?
In case it helps, I wrote this short .php script that reads the current TLS version - it's 1.2 it seems: https://shop.join-together.de/test_tsl.php

Cue4cheap wrote: ↑

Wed May 10, 2023 2:02 am

How about asking your host for all the details... #1 What port you should be using

Jasperz wrote: ↑

Wed May 10, 2023 3:57 am

Cue4cheap wrote: ↑

Wed May 10, 2023 2:02 am

How about asking your host for all the details... #1 What port you should be using

That was the first thing I tried - without any success.


@straightlight What admin settings do you mean? Where can I find them?

ADD Creative wrote: ↑

Wed May 10, 2023 7:17 am

What version of PHP are you using? You will need by on 7.2 or greater for TLS 1.2 without making changes to the stream_socket_enable_crypto settings in the SMTP class.

by mona wrote: ↑

Wed May 10, 2023 6:10 pm

In version 3.0.2.0, "Error: EHLO not accepted from server" has nothing to do with tls or ssl as the EHLO command is send after the connection has been established but before tls is even started.
Most likely, your mail server does not respond fast enough to the EHLO (Extended Hello) command afterwhich the class triggers an exception.
First try setting the timeout higher or use the class from later versions where it does several retries when response is slow.

PS. the email parameter is only used when using php mail, not by smtp.

Jasperz wrote: ↑

Wed May 10, 2023 1:53 am

Today, our hoster has disabled the TLS 1.0 and 1.1 versions.

paulfeakins wrote: ↑

Thu May 11, 2023 6:51 pm

Jasperz wrote: ↑

Wed May 10, 2023 1:53 am

Today, our hoster has disabled the TLS 1.0 and 1.1 versions.

Surely they should have given you some warning to give you time to do some testing and get a fix in place *before* they changed it?

ADD Creative wrote: ↑

Thu May 11, 2023 4:35 pm

I've done a pull request for the security issue.
https://github.com/opencart/opencart/pull/12321