Resolution for "Send SMTP mail message: An error occurred while trying to establish an SSL or TLS connection" error thrown while sending an SMTP email over SSL/TLS.
Issue Description: When using the "Send SMTP Mail Message" activity to send on port 465 of smtp.gmail.com the following error is written to the Output Panel in Studio:
Send SMTP mail message: An error occurred while trying to establish an SSL or TLS connection.
The server's SSL certificate could not be validated for the following reasons,
- The server certificate has the following errors:
- The revocation function cannot check the revocation for the certificate.
Selecting "Run File" from the dropdown error on Debug File in the Design Ribbon will yield the error detail listed in the Error section.
The Mail Shield portion of Avast Antivirus uses an advanced scanning method for incoming and outgoing emails over SSL/TLS secured connections. This scanning disrupts the handshake.
A Wireshark trace comparison between a successful and failed send seems to indicate the root cause of the SSLHandshakeException is due to an Encrypted Alert being sent from the source IP and port of the email client to the email server (smtp.gmail.com:465 in this case). The content of the alert is encrypted and cannot be read. The handshake succeeds properly after disabling the SSL Scanning feature of the antivirus software.
Following is the Wireshark trace of a failed send with Avast Mail Shield fully enabled:
Following is the Wireshark trace of a successful send after disabling Avast Mail Shield: Scan SSL Connections.
Resolution:
Disable SSL Scanning in the Mail Shield of Avast Free Antivirus.
Scan SSL connections (enabled by default): Enables scanning of emails sent or received using SSL/TLS encrypted connection. If disabled, only emails sent or received via unsecured connections are scanned.- Open Avast Free Antivirus
- Go to Menu -> Settings
- Type geek:area in the search box
- Type ssl in Search and select Core Shields > Mail shield: Scan SSL connections
- Disable the Mail shield: Scan SSL Connections