"secure": true - opens a connection immediately with SSL, this is failing in some cases because the default ciphers that connection is opened with are not compatible with the service that you’re connecting to
"secure": false - opens a non-secure connection then uses TLS to negotiate a valid cipher before switching to a secure connection to complete the email sending. Typically you’ll need to use port 587 for this as it’s the standard port for secure TLS connections, some providers may vary though
It’s important to note that both options are secure. There is no “bug”, just standard configuration options.
You can read more about it in the docs https://nodemailer.com/smtp/#tls-options