Fixing “SSL operation failed” email issue in cakephp 3.8

Sending emails from a CakePHP application is simply a piece of cake. Here is the basics according to Cakephp documentation.

Here is the basic configuration in config/app.php

'EmailTransport' => [
    'default' => [
        'className' => 'Smtp',
        'host' => 'smtp.xxxxx.com',
        'port' => 587,
        'timeout' => 30,
        'username' => 'xxxxx@xxx.com',
        'password' => 'xxxxxxx',
        'client' => null,
        'tls' => true,
        'url' => env('EMAIL_TRANSPORT_DEFAULT_URL', null),
    ],
]

In the EmailTransport configuration named default above the className parameter is the most important one. In CakePHP there are 3 different options.

Mail – Send using PHP mail function
Smtp – Send using SMTP
Debug – Do not send the email, just return the result

If you use Mail option your app will send emails using PHP’s mail() function if supported by your system. In most cases it will work. In case you want to use secured emailing or third party emailing system such as gmail you may want to use Smtp value in the className parameter.

While using Smtp configuration you my face certain issues though. For example while you are in development environment or developing on your local machine.

In order to protect emails from spam and various emailing frauds most emailing services use TLS along with SSL protected emailing mechanism. To do this each connection to emailing server is transferred through secured connection protected by SSL installed on your server.

If you don’t have an SSL installed on your server, such as in your localhost environment you may face problem like this.:

Warning (2): stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [CORE\src\Network\Socket.php, line 470]

Fix

To fix this issue the actual fix is to install a SSL certificate on your website. However sometimes it is not possible to install an SSL on your test domain or in localhost. To work around this issue you may add a context parameter to your EmailTransport configuration as following:

'EmailTransport' => [
    'default' => [
        'className' => 'Smtp',
        'host' => 'smtp.xxxxx.com',
        'port' => 587,
        'timeout' => 30,
        'username' => 'xxxxx@xxx.com',
        'password' => 'xxxxxxx',
        'client' => null,
        'tls' => true,
        <strong>'context' => [</strong>
<strong>            'ssl' => [</strong>
<strong>                'verify_peer' => false,</strong>
<strong>                'verify_peer_name' => false,</strong>
<strong>                'allow_self_signed' => true</strong>
<strong>            ]</strong>
<strong>        ]</strong>
        'url' => env('EMAIL_TRANSPORT_DEFAULT_URL', null),
    ],
],

Notice the notice parameter here. It contains a sub param named ssl which has 3 values. All three options disabled the security checks to make connection.

It is strictly not recommended to disabled these security checks in a production environment. Only use it during development if required.

Leave a Reply