TLS Authentication


Postby Nina Tulic » Fri Nov 06, 2015 11:28 am

Hi Guys,

Can Jiwa be set up to use TLS instead of SSL (secure connection) when using SMTP server for emailing. We have clients using Amazon simple emailing services which uses TLS authentication.

Thanks
Nina

Re: TLS Authentication

Postby Scott.Pearce » Fri Nov 06, 2015 12:03 pm

This is such an area of confusion. TLS supersedes SSL, but many still use the term SSL when they really mean TLS. And the property we set in our code is a Microsoft property, and is called .EnableSSL (but it really uses one of the 2 TLS implementations available).

Jiwa uses the standard Microsoft .Net library for sending email - this library is known as System.Net.Mail.

From the official Microsoft documentation at https://msdn.microsoft.com/en-us/library/system.net.mail.smtpclient.enablessl(v=vs.110).aspx:

The EnableSsl property specifies whether SSL is used to access the specified SMTP mail server.

The default value for this property can also be set in a machine or application configuration file. Any changes made to the EnableSsl property override the configuration file settings.

The SmtpClient class only supports the SMTP Service Extension for Secure SMTP over Transport Layer Security as defined in RFC 3207. In this mode, the SMTP session begins on an unencrypted channel, then a STARTTLS command is issued by the client to the server to switch to secure communication using SSL. See RFC 3207 published by the Internet Engineering Task Force (IETF) for more information.

An alternate connection method is where an SSL session is established up front before any protocol commands are sent. This connection method is sometimes called SMTP/SSL, SMTP over SSL, or SMTPS and by default uses port 465. This alternate connection method using SSL is not currently supported.

You can use ClientCertificates to specify which client certificates should be used to establish the SSL connection. The ServerCertificateValidationCallback allows you to reject the certificate provided by the SMTP server. The SecurityProtocol property allows you to specify the version of the SSL protocol to use.


So, when we say SSL, I guess we should say TLS. I might log a bug to change the system setting name.

To further complicate matters, there are other variations in SSL/TLS - "Implicit SSL" and "Explicit SSL". Regarding System.Net.Mail, taken from http://www.systemnetmail.com/faq/5.3.aspx:

System.Net.Mail only supports "Explicit SSL".


Explicit SSL

System.Net.Mail only supports "Explicit SSL". Explicit SSL starts as unencrypted on port 25, then issues a STARTTLS and switches to an Encrypted connection. See RFC 2228.

Explicit SSL would go something like: Connect on 25 -> StartTLS (starts to encrypt) -> authenticate -> send data

If the SMTP server expects SSL/TLS connection right from the start then this will not work.


Implicit SSL

There is no way to use Implicit SSL (SMTPS) with System.Net.Mail. Implicit SSL would have the entire connection wrapped in an SSL layer. A specific port would be used (port 465 is common). There is no formal RFC covering Implicit SSL.

Implicit SSL would go something like: Start SSL (start encryption) -> Connect -> Authenticate -> send data


This is not considered a bug, it’s a feature request. There are two types of SSL authentication for SMTP, and we only support one (by design) – Explicit SSL.


I had problems trying to setup email in Jiwa for someone who was using a GMail account. Below is a summary email that I sent to everyone involved after resolving:

Here are the Gmail SMTP settings, as published by google:

Server: smtp.gmail.com
Use SSL: Yes
Port: 465
Username: <user’s Gmail account username, i.e their email address>
Password: <user’s Gmail password>

But guess what? Using these values does not work in Jiwa. Why? Because we use Microsoft .Net standard System.Net.Mail libraries, and System.Net.Mail only supports “Explicit SSL”, NOT “Implicit SSL” (which is what Gmail requires). Read here:

http://www.systemnetmail.com/faq/5.3.aspx

Reading the above article, I would argue that Microsoft is doing the right thing, and Google is not. There is no formal RFC for Implicit SSL.

I did find, however, that email worked using these settings:

Server: smtp.gmail.com
Use SSL: Yes
Port: 25
Username: <user’s Gmail account username, i.e. their email address>
Password: <user’s Gmail password>

AND turning on “Allow less secure apps” in the Gmail users google account settings under “Sign-in & security -> Connected apps & sites”.
Scott Pearce
Senior Analyst/Programmer
Jiwa Financials
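The Explicit SSL path described above (plaintext connect, then STARTTLS, then AUTH) as System.Net.Mail actually drives it, written as an added example rather than Jiwa's own code; host, credentials and addresses are placeholders passed in by the caller, and the minimum-version and certificate-validation settings are my additions, not anything the post prescribes:

```csharp
// Added example (not Jiwa's code): Explicit TLS (STARTTLS, RFC 3207) with System.Net.Mail.
// Port 465 (Implicit TLS / SMTPS) will NOT work with this class, as the thread explains.
using System;
using System.Net;
using System.Net.Mail;

static class ExplicitTlsMail
{
    public static void Send(string host, string user, string password,
                            string from, string to, string subject, string body)
    {
        // Refuse SSL 3.0 / TLS 1.0 / TLS 1.1: only negotiate TLS 1.2 for the STARTTLS upgrade.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        // Keep the default certificate validation. A callback that always returns true
        // would make the "secure" upgrade accept any server, including an impostor.
        ServicePointManager.ServerCertificateValidationCallback = null;

        using (var client = new SmtpClient(host, 587)) // 587 = submission port, STARTTLS expected
        {
            client.EnableSsl = true;                   // "SSL" here really means STARTTLS -> TLS
            client.DeliveryMethod = SmtpDeliveryMethod.Network;
            client.UseDefaultCredentials = false;      // send the explicit credentials below
            client.Credentials = new NetworkCredential(user, password);
            client.Timeout = 30000;

            using (var message = new MailMessage(from, to, subject, body))
            {
                // If the server does not advertise STARTTLS, SmtpClient throws an
                // SmtpException instead of authenticating in the clear.
                client.Send(message);
            }
        }
    }
}
```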

Re: TLS Authentication

Postby Nina Tulic » Tue Dec 08, 2015 10:14 pm

Hi Scott,

We have not been able to set up SMTP emailing in Jiwa on Amazon so we did a bit more research and found the following document. Any thoughts?

http://docs.aws.amazon.com/ses/latest/D ... p-net.html

Thanks
Nina

Re: TLS Authentication

Postby Scott.Pearce » Wed Dec 09, 2015 1:28 pm

The code in that article is basically the same as what we do in Jiwa. Do you have a test machine (Amazon) with Jiwa installed that I can remote into and attempt to configure? I would have thought we just need to configure the following in Jiwa:

In staff maintenance, for say user "Admin":

SMTP Username: ?
SMTP Password: ?

I'm not familiar with AWS, but the article you cited implies that when you set up an AWS machine you get given an SMTP username and password to use. Is this true?

Then, in System Configuration, we would enter:

UseOutlookForEmail: Unticked
SMTPServerAddress: email-smtp.us-west-2.amazonaws.com (Maybe there is a more local end point we should be using?)
SMTPRequiresSLL: Ticked
SMTPServerPortNumber: 587

Close Jiwa, log in as Admin, load Email Maintenance, and try sending an email.
Scott Pearce
Senior Analyst/Programmer
Jiwa Financials

Re: TLS Authentication

Postby pricerc » Mon May 10, 2021 11:03 am

I recently stumbled over the 'news' (to me) that the standard Microsoft .NET SMTP client is basically deprecated by Microsoft.

Apparently, it is known to exhibit weird behaviour because of how it pools its connections, and so it doesn't play very nicely in multi-threaded environments.

GitHub link to the compiler 'warning' message: https://github.com/dotnet/platform-comp ... /DE0005.md

On the documentation page for SmtpClient at Microsoft (https://docs.microsoft.com/en-us/dotnet ... smtpclient), is the following comment:

We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit or other libraries instead. For more information, see SmtpClient shouldn't be used on GitHub.


MailKit/MimeKit is an open-source alternative to Microsoft's SmtpClient that is fairly simple to drop in as a replacement, but has much more sophisticated options.

I've just used it quite successfully in a project where I had some weird things happening with mail using the MS SMTPClient.

MailKit link: https://github.com/jstedfast/MailKit
NuGet link: https://www.nuget.org/packages/MailKit/
/Ryan

ERP Consultant,
Advanced ERP Limited, NZ
https://aerp.co.nz
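An added example, not code from the poster or from the MailKit project, showing how MailKit covers both connection styles from Scott's earlier post (Explicit STARTTLS on 25/587 and Implicit TLS on 465) that System.Net.Mail could only half support; host, port, credentials and addresses are placeholders supplied by the caller, and the port-to-option mapping is my own convention:

```csharp
// Added example (not Jiwa's or MailKit's code): choosing Explicit vs Implicit TLS in MailKit.
using System;
using MailKit.Net.Smtp;
using MailKit.Security;
using MimeKit;

static class MailKitSender
{
    // Map the two styles from this thread onto MailKit's SecureSocketOptions.
    public static SecureSocketOptions OptionsForPort(int port)
    {
        switch (port)
        {
            case 465: return SecureSocketOptions.SslOnConnect; // Implicit: TLS first, then SMTP
            case 587:
            case 25:  return SecureSocketOptions.StartTls;     // Explicit: plaintext EHLO, then STARTTLS
            default:  throw new ArgumentOutOfRangeException(nameof(port), "unexpected SMTP port");
        }
    }

    public static MimeMessage Build(string from, string to, string subject, string text)
    {
        var message = new MimeMessage();
        message.From.Add(MailboxAddress.Parse(from));
        message.To.Add(MailboxAddress.Parse(to));
        message.Subject = subject;
        message.Body = new TextPart("plain") { Text = text };
        return message;
    }

    public static void Send(string host, int port, string user, string password, MimeMessage message)
    {
        using (var client = new SmtpClient())
        {
            // StartTls (rather than StartTlsWhenAvailable) makes a missing STARTTLS a hard
            // failure instead of a silent downgrade to a plaintext session.
            client.Connect(host, port, OptionsForPort(port));

            // Belt and braces: never hand credentials to a connection that is not TLS-protected.
            if (!client.IsSecure)
                throw new InvalidOperationException("SMTP session is not encrypted; refusing to authenticate.");

            client.Authenticate(user, password);
            client.Send(message);
            client.Disconnect(true); // send QUIT before closing
        }
    }
}
```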
