A bit of an odd error (CSS broke with SSL)

Post

Posted
Rating:
#6771 (In Topic #1756)
Avatar
Standard member
Jonas WG is in the usergroup ‘Fan in training’

This started with an e-mail issue.

1. When e-mails bounced from our club's mailing list, composr would try resending periodically. This led to our webhost receiving a complaint from hotmail.

2. I attempted to select "configure bounce filter" from the settings menu in hopes of automatically culling failed e-mail addresses from the mailing list. However, I received the following error:
"IMAP error: TLS/SSL failure for mail.paleo.ca: SSL negotiation failed"

3. I mentioned this to the webhost who turned on SSL (we had been running without it) and enabled HTTPS redirection. This did not end the "IMAP error: TLS/SSL failure for mail.paleo.ca: SSL negotiation failed"

4. However, running with SSL on caused the CSS to break, so now none of the panels, layout or colour features work:
www.paleo.ca

Does anyone have an idea regarding why CSS breaks with SSL? Also does anyone have an idea about "IMAP error: TLS/SSL failure for mail.paleo.ca: SSL negotiation failed"?
 
Online now: No Back to the top

Post

Posted
Rating:
#6772
Avatar
Site director
Chris Graham is in the usergroup ‘Administrators’
When e-mails bounced from our club's mailing list, composr would try resending periodically. This led to our webhost receiving a complaint from hotmail.

Composr wouldn't do this, perhaps the SMTP server might (I don't know about that). Once Composr successfully sends an e-mail onto whatever SMTP server is responsible for further dispatching the message, it's done with it and considers it sent. It doesn't monitor bounces or anything similar (the bounce functionality within newsletters is to let the webmaster manually choose to not send new messages in the future).

"IMAP error: TLS/SSL failure for mail.paleo.ca: SSL negotiation failed"

Composr v10 will explicitly use SSL if the given port is 993, the standard IMAP port for SSL. I think that includes TLS, which is the newer more-standardised version of SSL (i.e. a continuation, not something different).

For v11 I have already rewritten this code to be much more configurable, and to also explicitly support start-TLS, which is a different connection method that the aforementioned SSL/TLS.

If Composr is not explicitly using start-TLS it may still do so if that is available on the configured port. This is up to the imap_open implementation in PHP PHP: imap_open - Manual which itself is using the IMAP c-client library.
Honestly, not a lot of people have faith in this, as it is an old library that is no longer maintained.

Was/is your port 993? If not, it's curious why imap_open would try and use SSL that was not working.

I'm happy to debug this for you, if so I'll need to have at least the IMAP details you're putting in sent to chris@ocproducts.com.

However, running with SSL on caused the CSS to break, so now none of the panels, layout or colour features work:
www.paleo.ca

Make sure your base URL in _config.php has https:// in it. I think it does not, which is the problem. You have a redirect from http:// to https://, but the base URL itself is saying http://. My guess, of course.
Then clear your template cache from either the upgrader (/upgrader.php) or from Admin Zone > Tools > Website cleanup tools.

The website SSL isn't actually related to the IMAP SSL at all, but perhaps you accidentally broke it when thinking the website SSL was related to the IMAP SSL.

Last edit: by Chris Graham



Become a fan of Composr on Facebook or add me as a friend. Add me on on Twitter. Follow me on Minds (where I am most active). Support me on Patreon

Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Online now: No Back to the top

Post

Posted
Rating:
#6781
Avatar
Standard member
Jonas WG is in the usergroup ‘Fan in training’
Yes, I was mistakenly thinking that the website SSL might be needed for the IMAP SSL to work!

1) You were right about _config.php ...when I changed the base URL the CSS came back!

2) The resending behaviour seemed to end after composr was upgraded from 10.26 to 10.30 (at least that is my impression).

3) The IMAP port specified is not 993 - sending you details
Online now: No Back to the top

Post

Posted
Rating:
#6782
Avatar
Site director
Chris Graham is in the usergroup ‘Administrators’
Ok this was interesting.

The IMAP server advertised start-TLS support on the default IMAP port, but it only worked on port 993 (the secure IMAP port).

PHP by default uses start-TLS if it sees it advertised.

The fix is just to switch to using port 993.

In v11 we already made the exact protocol choice an explicit one via a drop-down list, so this confusion won't be present in v11.


Become a fan of Composr on Facebook or add me as a friend. Add me on on Twitter. Follow me on Minds (where I am most active). Support me on Patreon

Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Online now: No Back to the top
1 guest and 0 members have just viewed this.

Statistics

Users online:

MVLipwig, Salman, amit.nigam, Paul D, northpointevergeen

Forum statistics: Birthdays:
Back to Top