Free Support Forum - aspose.com

Aspose.Email not working with TLS1.2

Hi Support,

Aspose.Email fixed TLS1.2 problem in 18.2 version(EMAILNET-38901). Below are the release notes:

But in the Aspose.Email 19.2 version, its not working.

We have already upgraded our software with Aspose.Email version 19.2 and TLS1.2 support is not working.

Please let me know when you will merge TLS1.2 fix in latest version. We want this ASAP.

@marieke.saeij,

I have observed your inquiry and suggest you to please visit the following thread link for your kind reference as it contain similar discussion as shared by you.

Hi Mudassir,

If I use Aspose.Email 18.2, same code is working fine, but not with 19.2 version. So my question is, changed did in 18.2 for TLS1.2 has been merged or not?

@marieke.saeij,

Can you please confirm if you are explicitly setting TLS setting in your code as per my suggestion in previous reply? In latest available versions, actually Tls12 is not setup by default. So, if you need Tls12 you have to set it like in following code snippet:

client.SupportedEncryption = EncryptionProtocols.Tls12;

If you are setting it explicitly and still it is failing then please share the sample example project reproducing the issue so that we may use that to help you further.

Hi Mudassir,

Thanks for reply.

It works fine now by adding below line of code:

client.SupportedEncryption = EncryptionProtocols.Tls12 | EncryptionProtocols.Tls11 | EncryptionProtocols.Tls;

@marieke.saeij,

Its good to hear that suggestion worked on your end. Please feel free to share if you have any further issue on your end.

Hi,

Can I please confirm what the following code does?

client.SupportedEncryption = EncryptionProtocols.Tls12

By enabling Tls1.2 as per above, are the other earlier ones such as tls1.1 still enabled, or do I need to list everything?

client.SupportedEncryption = EncryptionProtocols.Tls12 Or EncryptionProtocols.Tls11 Or EncryptionProtocols.Tls

Our code could be connecting to various mail servers and some may require TLS 1.2 while others may need to be using TLS1.1 or earlier. I need all existing options to still work and just have TLS1.2 added to the list of possibilities.

Thanks, Julie

P.S. Why does Aspose.Mail not just enable this by default like the other ones?

@t1jsw,
Thank you for your request.

This code enables TLS 1.2 cryptographic protocol only.

Yes, you can list the cryptographic protocols you need.
API reference: EncryptionProtocols Enumeration

TLS 1.0, 1.1, 1.2, 1.3 encryption protocols are enabled by default.

If you faced any issue, could you describe it, please?

Thanks for your reply @Andrey_Potapov .

I am just starting investigations where it seems that access to an outlook mailbox breaks if TLS1.0 and 1.1 are disabled on the program server.

We are using Aspose.Mail version 20.2. Earlier in this thread it stated that TLS1.2 was not enabled by default, yet you mentioned it was. Can you confirm which release of Aspose.Mail this was changed?

Thanks, Julie

@t1jsw,
TLS 1.0, 1.1, 1.2, 1.3 encryption protocols for SmtpClient are enabled by default with Aspose.Email 20.2 as well. Could you describe the environment (OS and server settings) and share a code example reproducing the issue, please? But first, please check the issue with the latest version of Aspose.Email.

Hi @Andret_Potapov

I have replicated the issue our client is reporting.

It is running on Windows Server 2019 with all Server protocols except TLS1.2 disabled. The only ciphers available are triple DES 168, AES 128/128 and AES 256/256.

Our application is .NET Framework 3.5 and therefore we are using Aspose.Mail net3.5.

We tried both with and without the following server registry settings to enable TLS1.2 for .NET Framework as required by Microsoft.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727]
“SystemDefaultTlsVersions”=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727]
“SystemDefaultTlsVersions”=dword:00000001

I have reproduced just using a personal gmail account. NOTE: You do need the “Less secure App Access” turned on in order to access the account.

The code looks as follows:
Dim loClient As New Aspose.Email.Clients.Imap.ImapClient(“imap.gmail.com”, 993, Username, Password)
loClient.SecurityOptions = Aspose.Email.Clients.SecurityOptions.Auto
loClient.Timeout = 30000
loClient.SelectFolder(Aspose.Email.Clients.Imap.ImapFolderInfo.InBox)

The error occurs on the Select Folder command, almost immediately, with following stack trace:
Error Number: OperationCanceledException
Error Source: Aspose.Email
at #=ziwitwnO4FasH_GlpHec4DMUnthY1.#=zywC8bmA=(IAsyncResult #=zvzlFXWw=)
at #=ziwitwnO4FasH_GlpHec4DMUnthY1.#=zzkbeUpA=()
at #=ztZimPpbdaetOUALB$uzoUSgnO7SSvOjqpBuptas=.#=zKBWmfJE=(#=zYHosn79mmfipPCAUhbIlzRy9coTPCTpLEw== #=zJKbRWC4=)
at #=zfkFBhVZ02mSlGg645fNcttrOOJia.#=zfNXGfErS0oDW(Int32 #=zl6vMmkI=, #=zYHosn79mmfipPCAUhbIlzRy9coTPCTpLEw== #=zaNOGz2Y=)
at #=ziwitwnO4FasH_GlpHec4DMUnthY1.#=zG469sIqhWBBs()
at #=z5TbdhmtsS7PqZRtJ_YUHhAkPs$RUdGx_2tCv6GL9KaHW.#=zG469sIqhWBBs()
at #=z$hwMq2510l7Y9HxE5aKvfYDqT0ALuhheqS$J4NE9_Vp7…ctor(EmailClient #=zm9gKbkQ=, String #=zb8f5aq4=, Nullable1 #=zPRMJ0xAu$GBN) at Aspose.Email.Clients.Imap.ImapClient.BeginSelectFolder(IConnection connection, String folderName, Nullable1 readOnly, AsyncCallback callback, Object state)
at Aspose.Email.Clients.Imap.ImapClient.SelectFolder(IConnection connection, String folderName, Nullable`1 readOnly)
at Aspose.Email.Clients.Imap.ImapClient.SelectFolder(String folderName)

Re-enabling TLS1.0 and TLS1.1 (and possibly some of the ciphers) means it will work and then disabling them break it again. In order to have highest possible security on the server our client prefers to disable TLS 1.0 and TLS1.1 so we need this to work with TLS 1.2.

Any guidance you can provide would be greatly appreciated.

Thanks, Julie

@t1jsw,
Thank you for the issue description. I’ve logged the issue in our tracking system with ID EMAILNET-40215. Our development team will investigate this case. I will inform you about any progress.

@t1jsw,
Our development team investigated the issue and reported that it has already been fixed. The fix has been released in Aspose.Email 21.4.

@Andrey_Potapov
Thankyou for this.

I have upgraded and no longer get the above error but now I am constantly experiencing a timeout error:
Error Number: TimeoutException
Error Source: Aspose.Email
at #=zMd4RLc3_yk44MsTOPtI2I6M0qiek.#=zgIFeRBU=(IAsyncResult #=z_RGQRBs=)
at #=zMd4RLc3_yk44MsTOPtI2I6M0qiek.#=zjZzNUSA=()
at #=zlRVJeYTjhlA5eTDUbLM$b1L9JfeuptcoLp3OU9E=.#=zUBb6_OE=(#=zQJWNxWtLd8nG8m1Odn9S2Y2EGXaw2riXtw== #=z0mQuewY=)
at #=zchqTq4_scc_dj4tfpy8p3hvgKIQk.#=zQUg3IC1NsN0J(Int32 #=zLNLlouk=, #=zQJWNxWtLd8nG8m1Odn9S2Y2EGXaw2riXtw== #=zBcs9dBI=)
at #=zMd4RLc3_yk44MsTOPtI2I6M0qiek.#=zA82p10qB3l15()
at #=zwt1b$EQJAR06JJiLfyHNeOEjSkhJzCUEI36Q2zzDrsnW.#=zA82p10qB3l15()
at #=zNr5PMnVMYsM$X_CoZV3xSVcrfPYi4anTe81kFIftmUcT…ctor(EmailClient #=zN65gLGY=, String #=zus9wKjs=, Nullable1 #=z2FlOiLPPJO_R) at Aspose.Email.Clients.Imap.ImapClient.BeginSelectFolder(IConnection connection, String folderName, Nullable1 readOnly, AsyncCallback callback, Object state)
at Aspose.Email.Clients.Imap.ImapClient.SelectFolder(IConnection connection, String folderName, Nullable`1 readOnly)
at Aspose.Email.Clients.Imap.ImapClient.SelectFolder(String folderName)

With TLS 1.0 and 1.1 enabled it returns 7 messages in about 7 seconds, but always times out when only TLS1.2 is available.

Any help would be greatly appreciated.

Thanks, Julie

@t1jsw,
I passed this information to our development team. I will inform you about any progress.

@t1jsw,
Our development team has not managed to reproduce the error. To investigate the issue further, we need the following:

  • The code example reproducing the error
  • Valid credentials on which the error can be reproduced

The reason for the TimeoutException could be due to the lack of greetings message from the server. This situation may happen when the wrong connection configuration provided. For example, there could be a lack of TLS 1.2 support on the server.

Thanks Andrey.

I did not change anything since my original post.

Also please note that I was able to access that account via TLS 1.2 only using Aspose.Mail in one of our other products that uses a later .NET Framework version. Therefore I do not think it is because gmail is not supporting TLS 1.2.

I think it is related specifically to .NET Framework 3.5 but I am unsure if it is a problem within Aspose or a problem with server setup. Here are the specific server configuration details.

Thanks, Julie

@t1jsw,
I passed the additional information to our development team. I will inform you about any progress.