cancel
Showing results for 
Search instead for 
Did you mean: 

How to force Magento 2 to use specific TLS verion

SOLVED

How to force Magento 2 to use specific TLS verion

Since transactional emails constantly ended up in spam, we started to use SMTP authentication in 2020. We are using the Mageplaza SMTP module v4.7.0 (latest) with the updated Mageplaza Core plugin.

Host is smtp.office365.com (with TLS on port 587) and till the end of year 2021 no issues were detected. Now we  occasionally get the error: 
421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. 

The reason supposes to be explained here: 
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-opt-in-endpoint-available-for-smtp-aut...

However, the hosting that we are using for Magento store, is using cPanel which already fully supports TLS version 1.2. We did not detect issues like that with any other mail host, as they are mostly used in combination with SSL on port 465.

As long as our server support and Mageplaza support do not know how to assist us on fixing this problem, we are now trying to find a way how to force usage of specific TLS version (1.2) on server-side or either in Magento.

Thank you in advance for helping us understand where our issue actually coming from.





1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to force Magento 2 to use specific TLS verion

If maybe someone else is facing this issue:

After confirming that the server absolutely supports TLS version 1.2 via this tool:
https://www.ssllabs.com/ssltest/ , we forced the use of specifc tls version used by magento with:

in file /vendor/magento/zendframework1/library/Zend/Mail/Protocol/Smtp.php

change line:
if (!stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {

 

with:
if (!stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT)) {


The solution is addressing M2.2.0. Higher versions of Magento have this exception already built-in.

View solution in original post

1 REPLY 1

Re: How to force Magento 2 to use specific TLS verion

If maybe someone else is facing this issue:

After confirming that the server absolutely supports TLS version 1.2 via this tool:
https://www.ssllabs.com/ssltest/ , we forced the use of specifc tls version used by magento with:

in file /vendor/magento/zendframework1/library/Zend/Mail/Protocol/Smtp.php

change line:
if (!stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {

 

with:
if (!stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT)) {


The solution is addressing M2.2.0. Higher versions of Magento have this exception already built-in.