Enable SSL/TLS

[lint3]

Environment: Arduino IDE
Other libraries: None
Board: ESP32-S2-SAOLA

I'm using an email provider that requires SSL/TLS connections. However, using the code in example files, there is a message claiming ! W: Skipping SSL Verification. INSECURE! And later, > E: LOGIN failed. Illegal arguments. I assume this is because the server is denying the insecure connection.

OK, so I add the following to the sketch: session.secure.startTLS = true; - Then the connection times out at the following:

Check the capability...
> C: Check the capability
> C: cleaning SSL connection
[ 33583][V][ESP32_SSL_Client.cpp:425] stop_tcp_connection(): Cleaning SSL connection.
> E: Response read timed out

Question: Is the library supposed to default to secure SSL? How can I troubleshoot the connection or get more information on what's going wrong?

[mobizt]

The debug info ! W: Skipping SSL Verification. INSECURE! is about Server SSL certificate verification is ignored due to user does not provide the certificate for verification (Server authentication verification to prevent man in the middle attack).

While SSL/TLS is communication protocol which library is supported based on ports you assigned, if you read the document.

The error message, > E: LOGIN failed. Illegal arguments. is about you are trying to use ESMTP extension features with SMTP server that not support ESMTP for example Delivery Status Notification as this line in example.

ESP-Mail-Client/examples/SMTP/Send_Text/Send_Text.ino

Line 214 in b60ca87

// message.response.notify = esp_mail_smtp_notify_success | esp_mail_smtp_notify_failure | esp_mail_smtp_notify_delay;

[mobizt]

And at the line session.login.user_domain, you should provide valid format of IP address or domain name that represents your server name or IP address.

If you don't have server or don't want to assign any IP address, you can assign fake domain name like e.g. example.com.

Assign the invalid format of IP or domain name, server may reject the connection because this IP or domain name is the argument of SMTP server hello command.

When you assign the SSL or TLS port, you will see the debug message about perform the SSL/TLS handshake which means all data will send via SSL/TLS protocol.

For server SSL certificate verification, you can see the example at the line that root CA certificate was assigned which currently commented or ignored.

[mobizt]

You should not set session.secure.startTLS to true without knowing the ports and its protocols that supported by mail server.

You must read the Readme doc at the home page of this library repository that described about the ports and protocols already.

The mail server will support TLS if it contains STARTTLS in greeting response or capability response and library will treat it properly when user assignes port that supports TLS.

Normally SMTP port 587 supports TLS protocol and port 465 is for SSL protocol.

[mobizt]

The library provides full debugging where all client requests and server responses are printed.

You should follow the examples with some modification about host name, port and login credentials which you can assign port 465 or 587 which depends on mail server supports.

Port 465 (SSL) is not supported by Outlook server which is already stated in examples.

[mobizt]

In addition, you should post the full debug message instead of conclude what you're understanding because of it can be wrong.

With debug messages I can verify where is the error comes from.