Windsurf
email
Nodemailer TLS Handshake Failed in Windsurf App
Your Windsurf-generated app fails to send emails through Nodemailer with TLS handshake errors. Email functionality that worked in development breaks when deployed, or stops working suddenly after the email provider updates their security settings.
TLS (Transport Layer Security) handshake failures mean your app cannot establish a secure connection to the SMTP server. This blocks all email sending — password resets, notifications, verification emails, and any other transactional emails your app depends on.
The error may be intermittent, working sometimes and failing others, or it may fail consistently after a deployment or SMTP provider change. Common scenarios include moving from development to production, switching email providers, or the provider deprecating old TLS versions.
Error Messages You Might See
Error: self-signed certificate
Error: unable to verify the first certificate
Error: ESOCKET - TLS handshake failed
Error: Connection timeout on port 465
Error: SSL routines:ssl3_get_record:wrong version number
Common Causes
- Wrong port and security combination — Cascade configured port 465 with STARTTLS (should use TLS) or port 587 with direct TLS (should use STARTTLS)
- Self-signed or expired certificate — The SMTP server's SSL certificate is self-signed, expired, or not trusted by Node.js
- TLS version mismatch — The SMTP server requires TLS 1.2+ but the Node.js configuration allows old versions, or vice versa
- rejectUnauthorized set incorrectly — Cascade set rejectUnauthorized: false during development to bypass cert errors, but this is insecure for production
- Firewall blocking SMTP ports — The hosting platform (Vercel, Railway, etc.) blocks outbound SMTP connections on ports 25, 465, or 587
How to Fix It
- Match port to security protocol — Use port 587 with secure: false (STARTTLS upgrades automatically), or port 465 with secure: true (implicit TLS). Never use port 25 for authenticated email
- Verify SMTP credentials — Double-check host, port, username, and password. Many providers require app-specific passwords when 2FA is enabled
- Set proper TLS options — Add tls: { minVersion: 'TLSv1.2', rejectUnauthorized: true } to your Nodemailer transport configuration
- Test SMTP connection independently — Use the nodemailer verify() method to test the connection before sending: transporter.verify().then(console.log).catch(console.error)
- Use an email API instead — If your host blocks SMTP ports, switch from Nodemailer SMTP to an HTTP-based email API (SendGrid, Resend, Postmark) that uses port 443
- Check your hosting platform — Vercel, Netlify, and some serverless platforms block SMTP. Check their docs for email sending limitations
Real developers can help you.
Jacek Rozanski
Senior PHP/Symfony developer and DevOps engineer with 20+ years of professional experience, running opcode.pl (web development agency, est. 2004).
Day job: I'm the sole backend developer at merketing company where I own and maintain 11 PHP/Symfony microservices on AWS (ECS Fargate, RDS, S3, CloudFront), handle the full CI/CD pipeline (Bitbucket Pipelines, Docker), and manage monitoring with Sentry and CloudWatch. These services handle high request volumes in production every month.
What I bring to AI-built apps:
- I audit and fix security issues (OWASP methodology), performance bottlenecks, and architectural problems in codebases generated by Cursor, Claude Code, Lovable, Bolt, and v0
- I refactor AI-generated prototypes into production-grade applications with proper error handling, testing, and clean architecture (SOLID, DDD, hexagonal architecture)
- I set up the infrastructure AI tools don't touch: AWS hosting, CI/CD pipelines, automated deployments, database optimization, monitoring, and alerting
- I integrate external services: payment providers, email systems, partner APIs, SSO/auth
Tech stack: PHP 8.x, Symfony, React, Next.js, PostgreSQL, MySQL, Docker, AWS (ECS, RDS, S3, SQS/SNS, CloudFront), Terraform, Supabase. I also use AI tools daily (Claude Code, Cursor) in my own workflow, so I understand both the strengths and the gaps in AI-generated code.
Based in Poland (CET timezone). Available for async work and calls during EU/US business hours.
zipking
I am a technologist and product builder dedicated to creating high-impact solutions at the intersection of AI and specialized markets. Currently, I am focused on PropScan (EstateGuard), an AI-driven SaaS platform tailored for the Japanese real estate industry, and exploring the potential of Archify.
As an INFJ-T, I approach development with a "systems-thinking" mindset—balancing technical precision with a deep understanding of user needs. I particularly enjoy the challenge of architecting Vertical AI SaaS and optimizing Small Language Models (SLMs) to solve specific, real-world business problems. Whether I'm in a CTO-level leadership role or hands-on with the code, I thrive on building tools that turn complex data into actionable value.
Luca Liberati
I work on monoliths and microservices, backends and frontends, manage K8s clusters and love to design apps architecture
Stanislav Prigodich
15+ years building iOS and web apps at startups and enterprise companies. I want to use that experience to help builders ship real products - when something breaks, I'm here to fix it.
ISHANTDEEP SINGH
Senior Software Engineer with 7+ years of experience in React, JavaScript, TypeScript, Next.js, and Node.js. I’ve also worked as a tech lead for startups, owning end-to-end technical execution including architecture, development, scaling, and delivery. I bring a strong mix of hands-on coding, product thinking, and technical leadership, and I’m comfortable building products from scratch as well as improving and scaling existing systems.
Victor Denisov
Developer
Meïr Ankri
Full-stack developer specializing in React / Next.js / Node.js with 6+ years of experience. I've worked across various sectors including automotive (Reezocar/Société Générale), healthcare (Medical Link SaaS), and e-commerce (Glasman). I build web apps end-to-end, from architecture to production, with a focus on scalability, performance, and code quality. I also mentor junior developers and contribute to technical decisions and code reviews.
Daniel Vázquez
Software Engineer with over 10 years of experience on Startups, Government, big tech industry & consulting.
rayush33
JavaScript (React.js, React Native, Node.js) Developer with demonstrated industry experience of 4+ years, actively looking for opportunities to hone my skills as well as help small-scale business owners with solutions to technical problems
hanson1014
Full-stack developer experienced in fixing and deploying AI-generated apps from Lovable, Bolt.new, Cursor, and Replit. I specialize in debugging Supabase integration issues (auth flows, RLS policies, database connections), fixing broken deployments, resolving routing/blank screen problems, and cleaning up messy React/Vite codebases. I also build production apps with the Claude API and have shipped a Mac desktop dev tool (Nexterm from scratch. Based in Hong Kong, fast turnaround.
You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.
Get HelpFrequently Asked Questions
Should I use port 465 or 587 for sending email?
Use port 587 with STARTTLS for most modern SMTP providers. Port 587 starts unencrypted and upgrades to TLS. Port 465 uses implicit TLS and is the legacy standard. Set secure: false for port 587 (Nodemailer handles STARTTLS automatically) and secure: true for port 465.
Is it safe to set rejectUnauthorized: false?
No. Setting rejectUnauthorized: false disables certificate validation, making your connection vulnerable to man-in-the-middle attacks. Only use it for local development. In production, fix the certificate issue instead.