Hi,
I use West Wind Client Tools in my VFP 9 application, for sending email messages.
A customer asked me if my email client conforms to the TLS 1.2 spec (since, as he said, MS will soon not accept any connection prior to TLS 1.2)
How do I check this? That is, how do I verify that the WW Client Tools uses TLS 1.2?
UPDATE. I read your blog, kindly suggested by Tore.
Which still leaves some questions.
- The article talks about wwHttp but nothing about wwSmtp. And wwSmtp is what I use in my VFP 9 application to send email(s) (my app does not receive emails, only sends them).
- The blog describes how various version of .NET affect TLS 1.2 support. When my VFP 9 program emails, the email goes from the desktop (even though all DLLs and .EXEs are on the server). Does it mean that the desktop must have a certain version of .NET installed? For example, if the desktop has .NET 4.6, the wwSmtp should work and conform to TLS 1.2?
- The link you have in your blog for testing a browser is very nice. But how do I create a test case to show the customer that TLS 1.2 works?
TIA
I hope Rick's blog entry gives you the answer you want? Web Connection and TLS 1.2 Support
You asked the same question here in September last year. But who's counting.. 😃
Tore, thank you very much!
I am sorry for a duplicate question. I kind of remembered that I had this question discussed sometimes in the past. Now, another customer asked the same question. I should document these message exchanges better.
I updated my initial post, after reading the blog you suggested (thank you!) If you know the answers to my questions, please let me know.
I'm not an expert on this field, hopefully Rick will correct me if I am wrong.
My guess is that this is controlled by Windows, as this paragraph from the same blog post indicates:
Built-in Support for TLS 1.2
- Windows 8.1, Windows 10 or later
- Windows Server 2012 R2, Windows 2016 or later
These versions of Windows just work out of box with TLS 1.2 - no changes are required.
This would mean that WW Client Tools depends on the Windows version or the version of .NET on the desktop. Hopefully Rick will confirm or reject this understanding. Thanks.
The short answer is that all the tools support TLS 1.2 and will use it by default, assuming you're using a recent version of the Client Tools (or Web Connection) and you have a compatible version of Windows and the .NET Framework (as outlined in the article).
The .NET components will use the highest level they support by default which is likely to be TLS 1.2 unless it's an old OS that doesn't support it.
I don't really know how to verify this other than hitting a server that doesn't support TLS 1.1 or older and fails. You can probably use a network tool like WireShark to look at the request data and it'll tell you what encryption is used.
+++ Rick ---
Thank you for your reply.
The version I have is 6.21.0 dated 07-12-2018
Please let me know if I need to update to the more recent version.
Look at the date. If it's a bit after that article then it's probably OK, but might be worthwhile to keep up to date anyway. Latest version is 7.x.
+++ Rick ---
What is the link to the 7.0 update? I found a page on your web site for the West Wind Client Tools to 6.x update but I already have it. UPDATE. I found the page for West Wind Internet & Client Tools 7.0 Version Upgrade I think it is probably the same as you suggesting (the word "Internet" added). I will order it tomorrow.
I purchased 7.0 Upgrade and copied the files from the source into my VFP 9 project.
How do I check, from the executable, what version of West Wind Client Tools is being used?
TIA