Supabase custom SMTP question: Custom SMTP STARTTLS handshake failure (DH 1024)
authHey folks — quick question about Supabase Auth Custom SMTP TLS requirements.
I’m using:
Host: mail.w.mangofactory.co.kr
Port: 587
STARTTLS enabled
It works with some SMTP test clients, but fails only when Supabase Auth sends email with:
remote error: tls: handshake failure
OpenSSL repro:
Default (strict) fails:
openssl s_client -starttls smtp -connect mail.w.mangofactory.co.kr:587 -crlf
→ dh key too small (tls_process_ske_dhe)
If I lower security level, it succeeds:
openssl ... -cipher 'DEFAULT:@SECLEVEL=1'
→ Server Temp Key: DH, 1024 bits
→ cipher: DHE-RSA-AES256-GCM-SHA384
Question: Does Supabase’s SMTP client reject STARTTLS when the server negotiates DHE with 1024-bit DH params?
If yes, is there any Supabase-side setting to relax TLS, or is the only fix to update the SMTP server to DH >= 2048 / ECDHE?
I can paste full OpenSSL output if helpful.
I’m using:
Host: mail.w.mangofactory.co.kr
Port: 587
STARTTLS enabled
It works with some SMTP test clients, but fails only when Supabase Auth sends email with:
remote error: tls: handshake failure
OpenSSL repro:
Default (strict) fails:
openssl s_client -starttls smtp -connect mail.w.mangofactory.co.kr:587 -crlf
→ dh key too small (tls_process_ske_dhe)
If I lower security level, it succeeds:
openssl ... -cipher 'DEFAULT:@SECLEVEL=1'
→ Server Temp Key: DH, 1024 bits
→ cipher: DHE-RSA-AES256-GCM-SHA384
Question: Does Supabase’s SMTP client reject STARTTLS when the server negotiates DHE with 1024-bit DH params?
If yes, is there any Supabase-side setting to relax TLS, or is the only fix to update the SMTP server to DH >= 2048 / ECDHE?
I can paste full OpenSSL output if helpful.
