Hi Guys,
Can Jiwa be set up to use TLS instead of SSL (secure connection) when using SMTP server for emailing. We have clients using Amazon simple emailing services which uses TLS authentication.
Thanks
Nina
The EnableSsl property specifies whether SSL is used to access the specified SMTP mail server.
The default value for this property can also be set in a machine or application configuration file. Any changes made to the EnableSsl property override the configuration file settings.
The SmtpClient class only supports the SMTP Service Extension for Secure SMTP over Transport Layer Security as defined in RFC 3207. In this mode, the SMTP session begins on an unencrypted channel, then a STARTTLS command is issued by the client to the server to switch to secure communication using SSL. See RFC 3207 published by the Internet Engineering Task Force (IETF) for more information.
An alternate connection method is where an SSL session is established up front before any protocol commands are sent. This connection method is sometimes called SMTP/SSL, SMTP over SSL, or SMTPS and by default uses port 465. This alternate connection method using SSL is not currently supported.
You can use ClientCertificates to specify which client certificates should be used to establish the SSL connection. The ServerCertificateValidationCallback allows you to reject the certificate provided by the SMTP server. The SecurityProtocol property allows you to specify the version of the SSL protocol to use.
System.Net.Mail only supports "Explicit SSL".
Explicit SSL
System.Net.Mail only supports "Explicit SSL". Explicit SSL starts as unencrypted on port 25, then issues a STARTDLS and switches to an Encrypted connection. See RFC 2228.
Explicit SLL would go something like: Connect on 25 -> StartTLS (starts to encrypt) -> authenticate -> send data
If the SMTP server expects SSL/TLS connection right from the start then this will not work.
Implicit SSL
There is no way to use Implicit SSL (SMTPS) with System.Net.Mail. Implicit SSL would have the entire connection is wrapped in an SSL layer. A specific port would be used (port 465 is common). There is no formal RFC covering Implicit SSL.
Implicit SLL would go something like: Start SSL (start encryption) -> Connect -> Authenticate -> send data
This is not considered a bug, it’s a feature request. There are two types of SSL authentication for SMTP, and we only support one (by design) – Explicit SSL.
Here are the Gmail SMTP settings, as published by google:
Server: smtp.gmail.com
Use SSL: Yes
Port: 465
Username: <user’s Gmail account username, i.e their email address>
Password: <user’s Gmail password>
But guess what? Using these values does not work in Jiwa. Why? Because we use Microsoft .Net standard System.Net.Mail libraries, and System.Net.Mail only supports “Explicit SSL”, NOT “Implicit SSL” (which is what Gmail requires). Read here:
http://www.systemnetmail.com/faq/5.3.aspx
Reading the above article, I would argue that Microsoft is doing the right thing, and Google is not. There is no formal RFC for Implicit SSL.
I did find, however, that email worked using these settings:
Server: smtp.gmail.com
Use SSL: Yes
Port: 25
Username: <user’s Gmail account username, i.e. their email address>
Password: <user’s Gmail password>
AND turning on “Allow less secure apps” in the Gmail users google account settings under “Sign-in & security -> Connected apps & sites”.
We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit or other libraries instead. For more information, see SmtpClient shouldn't be used on GitHub.
Return to Technical and or Programming
Users browsing this forum: No registered users and 7 guests