West Wind Internet and Client Tools
West Wind Client Tools TLS 1.2
Gravatar is a globally recognized avatar based on your email address. West Wind Client Tools TLS 1.2
  Dmitry Litvak
  All
  Sep 26, 2019 @ 05:32am

Hello,

I was wondering if the West Wind Client Tools supports TLS 1.2 when sending emails?

Please let me know.

THanks,

Dmitry

Gravatar is a globally recognized avatar based on your email address. re: West Wind Client Tools TLS 1.2
  Dmitry Litvak
  Tore Bleken
  Sep 26, 2019 @ 08:05am

Tore, Thank you for your message and for your links. I am reading them.
But I am still not clear what I need to do. The customer server is Windows Server 2016 Standard. And their IT says that my app (which uses West Wind Client Tools for emails) sends emails using TLS 1.0. And they want to change the email from 1.0 to 1.2. But how do I verify what he is saying? That is, where do I look to see if my app is emailing using TLS 1.0?

Gravatar is a globally recognized avatar based on your email address. re: West Wind Client Tools TLS 1.2
  Dmitry Litvak
  Tore Bleken
  Sep 26, 2019 @ 08:29am

I also realize that the issue could be that the email is sent from the desktop, and not from the server. I believe this is the nature of how VFP 9 applications work. Still, trying to figure how to verify the version of TLS in the email sent by my application.

Gravatar is a globally recognized avatar based on your email address. re: West Wind Client Tools TLS 1.2
  Tore Bleken
  Dmitry Litvak
  Sep 26, 2019 @ 08:36am

Send an email to yourself. In the properties for the received email you will see all the necessary details in the internet header.

Gravatar is a globally recognized avatar based on your email address. re: West Wind Client Tools TLS 1.2
  Dmitry Litvak
  Tore Bleken
  Sep 26, 2019 @ 09:03am

Thank you, Tore. Very helpful. I can see that when I send an email from the server the TLS in the header is 1.2. I will ask them to send me an email from a desktop to see the version there.

Gravatar is a globally recognized avatar based on your email address. re: West Wind Client Tools TLS 1.2
  Rick Strahl
  Dmitry Litvak
  Sep 26, 2019 @ 09:44am

Dimitry,

The client tools use .NET to send secure SMTP emails and .NET definitely supports TLS 1.2. Assuming the server is using a TLS 1.2 certificate wwSmtp can access that server.

When your admin says, the client is sending TLS 1.0 what exactly does he mean? The server determines the protocol used (ie. TLS 1.2). The client will negotiate the protocol and send data in the requested protocol or - if it's not supported - fail.

If the server supports multiple protocols it's possible that the client will send with another protocol, but if that's the case it's the responsibility of the server to request the higher versions first so that the negotiation happens with TLS 1.2 instead of TLS 1.0. If they want to make sure clients use TLS 1.2 they should disable other protocols on the mail server.

All that said - I believe there are switches on the .NET mail client that support explicitly setting the protocol, but that's not recommended because normally it's automatic because the server dictates the protocol. If you set it manually you're forced into that protocol and if it changes in the future you may break your code.

Note that the OS settings for enabling TLS 1.2 still apply to SMTP services as well as HTTP. So if you're on older versions of Windows you may have to explicitly enable TLS 1.2 as outlined in the blog post (or on really old versions it may just not work).

+++ Rick ---

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: West Wind Client Tools TLS 1.2
  Dmitry Litvak
  Rick Strahl
  Sep 26, 2019 @ 10:14am

Rick,

Thank you very much for the detailed reply.

I am waiting for the client to send me an email from their desktop; so that I can see what version TLS it has.

As I said to Tore, when I email from the server - when RDT to the server - the email is TLS 1.2.

Again, thanks.

© 1996-2019