I am trying to use git send-email under Linux Mint 20.
Same configuration was working under Debian Sid.
Now I get error:
mcon@cinderella:~/vocore/__V2__/u-boot$ git send-email --to=u-boot@lists.denx.de /tmp/output/ --smtp-debug
/tmp/output/0000-cover-letter.patch
/tmp/output/0001-Small-fixes-to-reduce-size-and-ensure-correct-consol.patch
/tmp/output/0002-Enlarge-SPL-malloc-area-to-prevent-failure-in-lzma-d.patch
/tmp/output/0003-Fix-missing-__udivdi3-in-SquashFS-implementation.patch
(mbox) Adding cc: Mauro Condarelli <mc5686@mclink.it> from line 'From: Mauro Condarelli <mc5686@mclink.it>'
DEBUG: .../IO/Socket/SSL.pm:1177: global error: Undefined SSL object
DEBUG: .../IO/Socket/SSL.pm:900: local error: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
DEBUG: .../IO/Socket/SSL.pm:903: fatal SSL error: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Unable to initialize SMTP properly. Check config and use --smtp-debug. VALUES: server=mail2.mclink.it encryption=ssl hello=cinderella.condarelli.it port=465 at /usr/lib/git-core/git-send-email line 1558.
AFAIK this is due to my upstream mailer not accepting TLSv2 protocol (which is currently enforced by default).
IFF this is correct: how do I convince git send-email to use TLSv1?
Obviously I have NO way to force upstream mailer to "upgrade".
.... server=mail2.mclink.it ... port=465
This is a pretty broken server you are trying to use here. It looks like that the best it can do is TLS 1.0 with RC4-MD5 as cipher which is weak in many ways. This cipher is usually no longer compiled in in newer versions of openssl, so it is likely that it will not work with your current setup.
But there is SMTP access on the same server also possible on port 25, including TLS using STARTTLS. This instance actually offers TLS 1.2 with a strong cipher. So better change your setup to use this instead. Note that you have to set smtpEncryption to tls in this case instead of ssl since tls is interpreted as SMTP+STARTTLS (usually on port 25 and 587) while ssl is interpreted as implicit TLS (usually on port 465).
AFAIK this is due to my upstream mailer not accepting TLSv2 protocol (which is currently enforced by default).
TLS automatically uses the best protocol version supported by both client and server. There is no need to explicitly downgrade unless the server is too broken and chokes if newer protocol versions are offered.
IFF this is correct: how do I convince git send-email to use TLSv1?
You can't. There is no way to set the protocol or ciphers for send-email. Based on the source code it simply uses Perl Net::SMTP which then uses IO::Socket::SSL with its default settings - no attempts to override these are done in the script. Any recommendations regarding this might apply to the git connection itself but not to git-send-email.