Skip to content

v 2.1.0 | IMAP connection to MS Exchange fails with "SSL routines::wrong version number" despite valid certificate #256

Description

@Johannes1512

The IMAP connection test fails with an SSL routines::wrong version number error when trying to connect to a Microsoft Exchange Server. Sending emails via SMTP works flawlessly.

I have verified the connection and the SSL/TLS certificate from inside the Freescout Docker container using openssl s_client. The OpenSSL test is completely successful, confirms the certificate is valid, and completes the TLS handshake without any issues. Furthermore, the Exchange IMAP service works perfectly with other third-party applications. The issue seems maybe isolated to how PHP's stream_socket_client handles the TLS/STARTTLS negotiation with Exchange in this specific Docker environment.

Steps to reproduce:

Docker image (Version 2.1.0) on a Debian 13 host.

Navigate to a mailbox's Connection Settings -> Incoming Emails (IMAP).

Enter the details for an MS Exchange server.

Set the Port to 143 and Encryption to TLS (+StartTLS) (Note: The Exchange server is explicitly configured to handle TLS on port 143).

Enter valid credentials and click "Check Connection" ("Verbindung prüfen").

The UI throws a popup with a connection failure and an OpenSSL error code 1.

Note: Changing the encryption to regular TLS/SSL or testing Port 143 results in the same behavior. Disabling authentication throws a different error, but that is not the intended setup.
Here is the error without TLS:
Image

Relevant logs and/or screenshots:

Freescout UI Error:
connection failed - stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:0A00010B:SSL routines::wrong version number

Here is a screenshot of my actual problem:
Image

Proof of successful connection from INSIDE the Freescout container:

Executing this directly inside the container returns a successful handshake:
openssl s_client -connect <exchange-ip-or-name>:143 -starttls imap -showcerts

Output snippet:
CONNECTED(00000003)
...
SSL handshake has read 3568 bytes and written 1717 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Protocol: TLSv1.2
...
Verify return code: 0 (ok)
Extended master secret: yes
---
. OK CAPABILITY completed.

Environment

Image version / tag: 2.1.0

Debian 13 - Docker

Possible Problems:

Strict hostname vs. IP validation in PHP (even when "Validate Certificate" is toggled off in the UI).
The Exchange certificate is issued strictly to the hostname and does not contain the internal IP address.

I'm happy to provide further logs or configs if needed – just let me know.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions