Aspose-email-19.6-jdk16 - unable to set tls12 handshake

Dear community,

Our customer recently disabled tls and tls11 at his email server. Beforehand, we sent mails via an SMTP STARTTLS connection on port 25:

var mmsg = MailMessage.load(file);
var client = new SmtpClient();
client.setHost(r.smtp);
client.setSecurityOptions(SecurityOptions.SSLExplicit);
client.setUseAuthentication(true);
client.setPort(r.port);
client.setUsername(r.username);
client.setPassword(r.pw);
client.send(mmsg);

This configuration worked well until last week. Now, we are forced to use tls12. But at this point, we see through Wireshark that Aspose still uses tls, even though we changed our code to (port 465):

var mmsg = MailMessage.load(file);
var client = new SmtpClient();
client.setHost(r.smtp);
client.setSecurityOptions(SecurityOptions.SSLImplicit);
client.setUseAuthentication(true);
client.setPort(r.port);
client.setUsername(r.username);
client.setPassword(r.pw);
client.supportedEncryption = EncryptionProtocols.Tls12;
client.send(mmsg);

The handshake is still performed with tls and therefore triggers a timeout error (the server does not answer), whereas openssl manages to negotiate with tls12 and enables us to send mails via smtp access. Furthermore, openssl is also not able to connect with tls11 or tls; it shows the exact same behaviour as our java code, which confirms that the customer disabled tls and tls11 and forces us to use tls12.

Our application runs on tomcat 8.5.32.

Do you have any advice, please?

Best regards,
André

@abrand,

I have observed your comments. Can you please share the source file so that we may investigate further to help you out?

@Adnan.Ahmad

Thank you.

I have extracted the code out of our application in JavaScript.

try {
    var attFile, mailMsg, y, outlookMsg, client,
        file = "EXAMPLE MSG FILE.msg", // java file
        msg = MapiMessage.fromFile(file),
        htmlBody = msg.getBodyHtml(),
        subject = msg.getSubject(),
        sender = new MailAddress("test@test.com"),
        recipients = new MailAddressCollection(),
        addrTos = ["test@test.com", "test2@test.com"];

    for (y = 0; y < addrTos.length; y++) {
        recipients.addMailAddress(new MailAddress(String(addrTos[y])));
    }

    mailMsg = new MailMessage();
    mailMsg.setPreferredTextEncoding(StandardCharsets.ISO_8859_1);
    mailMsg.setFrom(sender);

    mailMsg.setTo(recipients);
    mailMsg.setSubject(subject);
    mailMsg.setHtmlBody(htmlBody);

    outlookMsg = MapiMessage.fromMailMessage(mailMsg);

    // port 25 starttls
    // port 465 without starttls

    client = new SmtpClient();
    client.setHost("sendm.cert.legalmail.it");
    client.setSecurityOptions(SecurityOptions.SSLExplicit);
    client.setUseAuthentication(true);
    client.setPort(465);
    // client.setUsername("testuser");
    // client.setPassword("testpassword");
    client.send(outlookMsg);
}
catch(e) {
    throw e;
}

You need to use java file io to load a random msg file (row 3). The customer uses template mails to send them from our application to the smtp server. Wireshark shows that the tls negotiation happens before auth login with username and password (at least with openssl). Therefore, I anonymised both.

@abrand,

I have observed the issue shared by you and have created an investigation ticket with ID EMAILJAVA-34562 in our issue tracking system to investigate this on our end. I will share the feedback with you in this regard as soon as possible.

@Adnan.Ahmad

Do you have any feedback on this issue? Can you probably establish a tls12 connection with the Italian server?

@abrand,

I would like to inform you that the issue is pending detailed investigation. I would also like to inform you that, as per our company policy, the first priority for investigation and resolution of issues is given to Paid Support, i.e. Enterprise and Priority Support, on a first come, first served basis. After that, the issues from the normal support forum are scheduled for investigation on a first come, first served basis. I request your patience. We will share good news with you soon regarding your issue.

The issues you have found earlier (filed as EMAILJAVA-34562) have been fixed in this update.
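
Added example, not code from the thread or from Aspose: a plain JSSE probe that offers the server exactly one TLS version at a time on an implicit-TLS port such as 465, so the check the posts above made with openssl and Wireshark can be repeated from the same JVM the application runs on. The class name `TlsVersionProbe`, its command-line arguments and the 10-second timeout are assumptions of this example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.util.Arrays;

// Added diagnostic example (hypothetical class name); uses only standard JSSE, no mail library.
public class TlsVersionProbe {
    // JSSE protocol names; the thread's "tls" is taken here to mean TLSv1 (assumption).
    static final String[] CANDIDATES = {"TLSv1", "TLSv1.1", "TLSv1.2"};

    // Offers exactly one protocol version and returns what was negotiated or why it failed.
    static String probe(String host, int port, String protocol, int timeoutMs) {
        try (Socket raw = new Socket()) {
            SSLContext ctx = SSLContext.getInstance(protocol);
            ctx.init(null, null, null);             // default trust store: chain validation stays on
            raw.connect(new InetSocketAddress(host, port), timeoutMs);
            raw.setSoTimeout(timeoutMs);            // a server that ignores the hello shows up as a timeout
            try (SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(raw, host, port, true)) {
                SSLParameters params = tls.getSSLParameters();
                params.setProtocols(new String[] {protocol});
                params.setEndpointIdentificationAlgorithm("HTTPS"); // certificate must match the host name
                tls.setSSLParameters(params);
                tls.startHandshake();
                return "negotiated " + tls.getSession().getProtocol();
            }
        } catch (IOException | GeneralSecurityException | IllegalArgumentException e) {
            return "failed: " + e.getClass().getSimpleName() + " (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext def = SSLContext.getDefault();
        System.out.println("JVM supports: " + Arrays.toString(def.getSupportedSSLParameters().getProtocols()));
        System.out.println("JVM enables:  " + Arrays.toString(def.getDefaultSSLParameters().getProtocols()));
        if (args.length < 2) {
            System.out.println("usage: java TlsVersionProbe <host> <port>");
            return;
        }
        int port = Integer.parseInt(args[1]);
        for (String protocol : CANDIDATES) {
            System.out.println(protocol + " -> " + probe(args[0], port, protocol, 10000));
        }
    }
}
```

A failure for TLSv1 or TLSv1.1 can also come from the JVM's own `jdk.tls.disabledAlgorithms` policy rather than from the server, so read each result against the "supports" and "enables" lines printed first.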