AkkomaGang/akkoma
AkkomaGang/akkoma
17
70
Fork 118
Code Issues 149 Pull requests 16 Projects 2 Releases 24 Packages Wiki Activity

[bug] [on stable] "Use SSL" shows "off", while elsewhere it gets defaulted to "on" #953

New issue
Closed
opened 2025-07-26 13:12:01 +00:00 by shadowjonathan · 3 comments
shadowjonathan commented 2025-07-26 13:12:01 +00:00
Contributor
Copy link

Your setup

From source

Extra details

Debian 12

Version

No response

PostgreSQL version

No response

What were you trying to do?

Use a STARTTLS-only mail setup, which has SSL disabled

I leave the "use SSL" to "off" in the settings, which its default in the UI

What did you expect to happen?

For it to not use SSL

What actually happened?

It started complaining about "unsupported TLS message", and when looking through wireshark, it was sending a TLS client hello to a non-TLS submission socket (587), which made the server break the connection

This happens through this bit here:

Line 104 in 5bceb1d
ssl: true,

which does not reflect the UI

Logs

14:55:34.326 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 50}

14:55:34.354 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 50}

14:55:34.380 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 50}

14:55:34.438 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 50}

14:55:34.460 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 50}

14:55:34.482 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 50}
** (MatchError) no match of right hand side value: {:error, {:retries_exceeded, {:network_failure, ~c"[REDACTED]", {:error, {:tls_alert, {:unexpected_message, ~c"TLS client: In state hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message\n {unsupported_record_type,50}"}}}}}}
    (pleroma 3.15.2) lib/mix/tasks/pleroma/email.ex:24: Mix.Tasks.Pleroma.Email.run/1
    (mix 1.18.2) lib/mix/task.ex:495: anonymous fn/3 in Mix.Task.run_task/5
    (mix 1.18.2) lib/mix/cli.ex:107: Mix.CLI.run_task/2
    /var/lib/akkoma/.asdf/installs/elixir/1.18.2-otp-27/bin/mix:2: (file)

Severity

I cannot use it as easily as I'd like

Have you searched for this issue?

  • I have double-checked and have not found this issue mentioned anywhere.
### Your setup From source ### Extra details Debian 12 ### Version _No response_ ### PostgreSQL version _No response_ ### What were you trying to do? Use a STARTTLS-only mail setup, which has SSL disabled I leave the "use SSL" to "off" in the settings, which its default in the UI ### What did you expect to happen? For it to not use SSL ### What actually happened? It started complaining about "unsupported TLS message", and when looking through wireshark, it was sending a TLS client hello to a non-TLS submission socket (587), which made the server break the connection This happens through this bit here: https://akkoma.dev/AkkomaGang/akkoma/src/commit/5bceb1d9b9e8cc22b402b7e6c63f892e23b9dbc8/lib/pleroma/emails/mailer.ex#L104 which does not reflect the UI ### Logs ```shell 14:55:34.326 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message - {:unsupported_record_type, 50} 14:55:34.354 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message - {:unsupported_record_type, 50} 14:55:34.380 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message - {:unsupported_record_type, 50} 14:55:34.438 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message - {:unsupported_record_type, 50} 14:55:34.460 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message - {:unsupported_record_type, 50} 14:55:34.482 [notice] TLS :client: In state :hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message - {:unsupported_record_type, 50} ** (MatchError) no match of right hand side value: {:error, {:retries_exceeded, {:network_failure, ~c"[REDACTED]", {:error, {:tls_alert, {:unexpected_message, ~c"TLS client: In state hello at tls_record.erl:532 generated CLIENT ALERT: Fatal - Unexpected Message\n {unsupported_record_type,50}"}}}}}} (pleroma 3.15.2) lib/mix/tasks/pleroma/email.ex:24: Mix.Tasks.Pleroma.Email.run/1 (mix 1.18.2) lib/mix/task.ex:495: anonymous fn/3 in Mix.Task.run_task/5 (mix 1.18.2) lib/mix/cli.ex:107: Mix.CLI.run_task/2 /var/lib/akkoma/.asdf/installs/elixir/1.18.2-otp-27/bin/mix:2: (file) ``` ### Severity I cannot use it as easily as I'd like ### Have you searched for this issue? - [x] I have double-checked and have not found this issue mentioned anywhere.
floatingghost commented 2025-07-26 22:32:26 +00:00
Owner
Copy link

ah, ok, I know what's going on

this isn't strictly a bug but a UI /defaults issue

if there no value in the database, it'll show as false - but the config resolution will require an explicit false to override the default

try switching SSL on, saving, then off again -i have a hunch that it'll work

ah, ok, I know what's going on this isn't strictly a bug but a UI /defaults issue if there _no_ value in the database, it'll show as false - but the config resolution will require an explicit false to override the default try switching SSL on, saving, then off again -i have a hunch that it'll work
shadowjonathan commented 2025-07-27 08:22:45 +00:00
Author
Contributor
Copy link

That indeed works, but the bug report is wrt the UI inconsistency

That indeed works, but the bug report is wrt the UI inconsistency
Oneric commented 2025-07-29 19:00:15 +00:00
Owner
Copy link

Unless there’s a garbage icon next to the setting in admin-fe, the setting is not set at all (in the database). Whatever state the input field assumes is similar to the value in the config file (or its lack therein).
In a similar vein an empty text field with and without garbage icon can also behvave differently: without it may be nil and use some fallback value or skip some logic, with its an explicit empty string.

Afaik there’s no way to tell admin-fe to assume a specific value if a value exists in neither the config file nor db.

We cannot put ssl: true in the default config since this name may not exist for different mailer backends or have a different meaning. Thus the defaults are inserted at runtime.
Not defaulting to ssl: true will be detrimental for most mail setups.

I’ll put a note in the settings description which should give enough of a hint to try setting it explicitly when encountering problems.
If you want a more explicit display for unset values in admin-fe, patches to improve the former (or taking up work on its replacement) are welcome.

Unless there’s a garbage icon next to the setting in admin-fe, the setting is not set at all (in the database). Whatever state the input field assumes is _similar_ to the value in the config file *(or its lack therein)*. In a similar vein an empty text field with and without garbage icon can also behvave differently: without it may be `nil` and use some fallback value or skip some logic, with its an explicit empty string. Afaik there’s no way to tell admin-fe to assume a specific value if a value exists in neither the config file nor db. We cannot put `ssl: true` in the default config since this name may not exist for different mailer backends or have a different meaning. Thus the defaults are inserted at runtime. Not defaulting to `ssl: true` will be detrimental for most mail setups. I’ll put a note in the settings description which should give enough of a hint to try setting it explicitly when encountering problems. If you want a more explicit display for unset values in admin-fe, patches to improve the former *(or taking up work on [its replacement](https://akkoma.dev/AkkomaGang/akkoma/pulls/802))* are welcome.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
translations
link-tracking-stripper
stable
contributing
elixir-1.14
ci-builds-otp28
ci
otp28
backfill-expiry
db-prune-beastmode-level-aggression
better-stats
customizable-docker-db
static-adminfe
bad-uploader-config-warning
docker
user-expiry-backfill
config-db-keys
ensure-scrubbers-loaded
otp26
code-shaking-does-not-go-brr
elixir1.15
circleci
backup-fixes
mod-task
policy
mrf-coolness
frontend-switcher-9000
contentMap
language-on-posts
rabbit
credo-on-pr
unify-http
normalise-markup-by-default
buildx
v3.19.0
v3.18.1
v3.18.0
v3.17.0
v3.16.0
v3.15.2
v3.15.1
v3.15.0
v3.14.1
v3.14.0
v2.8.0
v2.7.1
v3.13.3
v2.7.0
v3.13.2
v2.6.3
v3.13.1
v3.13.0
snac-3.12.1.2
v3.12.2
snac-3.12.1.1
v3.12.1
v3.12.0
v3.11.0
v2.6.2
v2.6.1
2.6.1
v2.6.0
v2.5.5
v3.10.4
v3.10.3
v3.10.2
v3.10.1
v3.10.0
v2.5.4
v2.5.3
v3.9.3
v3.9.2
v3.9.1
V3.9.0
2023.05
v3.8.0
v3.7.1
v3.7.0
v3.6.0
v3.5.0
v2.4.5
v3.4.0
v3.3.1
v2.4.4
v3.3.0
v3.2.3
v3.2.2
v3.2.1
stable-202209
v3.2.0
v3.1.0
stable-2022.07
v3.0.0
v0.0.1
v2.5.2-6
v2.5.2-5
v2.5.2-4
v2.5.2-3
v2.5.2-2
v2.5.2-1
v2.5.2
v2.5.1
v2.5.0-8
v2.5.0-7
v2.5.0-6
v2.5.0-5
v2.5.0-4
v2.5.0-3
v2.5.0-2
v2.5.0-1
v2.5.0
v2.4.3
pre-rebase
v2.4.2
v2.4.1
v2.4.0
soapbox-v1.1.1
soapbox-v1.1.0
soapbox-v1.0.0
v2.3.0
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.91
v1.0.90
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.9.0
Labels
Clear labels   
approved, awaiting change

   
broken setup

Issue arose from a misconfiguration by the admin, custom patches, manual db edits or similar

  
bug

Something is not working

  
cannot reproduce

   
configuration

This requires config changes

  
documentation

This is about human-readable docs

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
extremely low priority

   
feature request

Something new?

  
Fix it yourself

Support has been attempted

  
help wanted

Need some help

  
invalid

Something is wrong

  
mastodon_api

   
needs change/feedback

Issue or PR is stalled on response from the author or a third party

  
needs docs

   
needs tests

   
not a bug

   
not our bug

Bug in a dependency of ours (meaning we can't just fix it), or in another AP implementation or client interfacing with Akkoma (which needs to be fixed on their end)

  
planned

   
pleroma_api

   
privacy

   
question

More information is needed

  
static_fe

   
triage

   
wontfix

This won't be fixed

No labels
approved, awaiting change
broken setup
bug
cannot reproduce
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs change/feedback
needs docs
needs tests
not a bug
not our bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
AkkomaGang/akkoma#953
No description provided.