Dont send emails with local version 14.0.0

Eduardo Carrasco

Sorry to be late here but I think I may have just spotted a potential issue that may cause your symptoms. Can you clarify your scenario for me here please?

Can you check in your instance's database to see if the SMTP password is being saved (it should save as an encrypted string) or if it is being set to NULL or blank? If it is set, can you try to change it to something else in the UI and then back to what it should be and make sure you can do this and check it saves in the database each time.

You say that "When you test sending outbound mail it's works" - does this mean when you are at the "System Email Settings" page, entering the password and clicking the "Send Test Email" button works fine? Or are you testing by sending an email from the in-built client e.g. from a Contact record?

Lastly, when you visit the "System Email Settings" page, do you see the "Change Password" link or are you seeing an empty text box for the password?

Thanks,

JH.

The password is saved correctly in the database.

Test Email button works fine in System Email Settings.

The problem is when send a Email from Emails Module or in a Process Definition or in logichook code.

Only I see an empty text box for the password in System Email Settings.

Eduardo,

As you are seeing the empty box for the password in System Email Settings then I believe the issue is as I suspect. I believe that if you try to update the password using that screen the save will wipe the value from the database.

I think that the issue is with the Blowfish encryption utility that Sugar uses. Or rather, with the cipher that the encryption uses to perform the encrypt / decrypt functions (actually done by the PHP function "openssl_decrypt") as this is using the 'bf-ecb' cipher in its call. That cipher is not supported by version 3 of OpenSSL which is what ships with PHP 8.2. To confirm, you can insert into your code somewhere a call to the PHP function: "openssl_get_cipher_methods" and see what ciphers are available to you. I am pretty sure that 'bf-ecb' will not be there. In fact this cipher is not only not supported by default, it is also marked as "to be avoided" by OpenSSL 3.0.

As this cipher is not supported, calls to the encrypt / decrypt functions return blank results. This means that Sugar is failing to decrypt all encrypted data. You are seeing this manifested as the password not working.

I guess that your platform stack is using a plain PHP 8.2 which uses the default OpenSSL settings? The fix for this is to modify your openssl.cnf file and add the items that pull in the legacy providers.

There are instructions for doing this here: https://www.practicalnetworking.net/practical-tls/openssl-3-and-legacy-providers/

Note that I had to slightly amend this as the section [provider_sect] did not action in my config file (I am using a Docker stack hardened up with SSL). I added the following to my openssl.cnf file:

[default_conf]
ssl_conf = ssl_sect
providers = provider_sect

# List of providers to load
[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

Once I had added the directive to pull in legacy providers, the Blowfish encode / decode worked again.

Hopefully you can follow this. I only worked this out myself earlier this week having seen the issue come up when upgrading a system to use PHP 8.2 in preparation for an upgrade to Sugar v14.

Thanks,

JH.

Eduardo,

As you are seeing the empty box for the password in System Email Settings then I believe the issue is as I suspect. I believe that if you try to update the password using that screen the save will wipe the value from the database.

I think that the issue is with the Blowfish encryption utility that Sugar uses. Or rather, with the cipher that the encryption uses to perform the encrypt / decrypt functions (actually done by the PHP function "openssl_decrypt") as this is using the 'bf-ecb' cipher in its call. That cipher is not supported by version 3 of OpenSSL which is what ships with PHP 8.2. To confirm, you can insert into your code somewhere a call to the PHP function: "openssl_get_cipher_methods" and see what ciphers are available to you. I am pretty sure that 'bf-ecb' will not be there. In fact this cipher is not only not supported by default, it is also marked as "to be avoided" by OpenSSL 3.0.

As this cipher is not supported, calls to the encrypt / decrypt functions return blank results. This means that Sugar is failing to decrypt all encrypted data. You are seeing this manifested as the password not working.

I guess that your platform stack is using a plain PHP 8.2 which uses the default OpenSSL settings? The fix for this is to modify your openssl.cnf file and add the items that pull in the legacy providers.

There are instructions for doing this here: https://www.practicalnetworking.net/practical-tls/openssl-3-and-legacy-providers/

Note that I had to slightly amend this as the section [provider_sect] did not action in my config file (I am using a Docker stack hardened up with SSL). I added the following to my openssl.cnf file:

[default_conf]
ssl_conf = ssl_sect
providers = provider_sect

# List of providers to load
[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

Once I had added the directive to pull in legacy providers, the Blowfish encode / decode worked again.

Hopefully you can follow this. I only worked this out myself earlier this week having seen the issue come up when upgrading a system to use PHP 8.2 in preparation for an upgrade to Sugar v14.

Thanks,

JH.

I had already applied that configuration and it didn't work.