Error while connecting with TLS 1.1 and TLS 1.2 via IMAP4/POP3

peeyushd · 2018-07-24 11:12:04 UTC

Hi,
We are trying to communicate with server using IMAP and POP3 protocols. Server is configured with TLS 1.1.

Following property we have set to connect to the server:
ImapClient imap = new ImapClient(server, port, user, pwd,SecurityOptions.SSLImplicit);

Above line executes successfully and we got the ImapClient object. Now using the same object we are trying to read the folder info using below property which is throwing an exception:

imap.SelectFolder(string inbox);

Below is the exception:
“Unable to read data from the transport connection: An established connection was aborted by the software in your host machine.”

P.S: We were successfully able to connect and fetch the required information from the server when server is configured for TLS 1.0 (( Here ‘SelectFolder’ api works fine ) ) but as soon as we move to higher TLS versions, started seeing above exception.

Any help is highly appreciated regarding any specific property/method need to be set to enable for TLS 1.1 and TLS 1.2.

Thanks.

kashif.iqbal · 2018-07-24 12:37:59 UTC

@peeyushd,

Can you try the SecurityOptions.Auto and check if it works? If it still doesn’t work, please share a test account credentials with us for reproducing the problem at our end. We’ll look into it for assisting you further.

peeyushd · 2018-07-25 04:35:40 UTC

Hi Kashif,

Thanks for your prompt reply.

Yes, we have already tried to use “SecurityOptions.Auto” but it still produces the same exception.
Just to update here that, previously we were using Aspose.Email.dll of version ‘5.9.0’ which we have now upgraded to version ‘18.6.0’ but now we are seeing different errors:

ErrorMessage = "Thread was being aborted."

We also tried to use below code after connection is established:

Pop3Client client = new Pop3Client(server, port, user, pwd, SecurityOptions.Auto);
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

But still observed the same exception.

We found in one of your reply for another topic in the forum where you mentioned as: Thus, you can use the API to to meet your requirements of working with IMAP and TLS higher than 1.0.

Can you please let us know which API you are recommending here to consume ?

Thanks.

kashif.iqbal · 2018-07-25 07:28:26 UTC

@peeyushd,

We mentioned the Aspose.Email API which you are already using. We need to have a test account’s credentials in order to try the same at our end and assist you further. We’ll be grateful to you if you could provide us with such a test account. Also, please generate POP3 Activity log and share it with us for further consideration at our end.

peeyushd · 2018-07-25 09:39:40 UTC

Hi Kashif,

Can you please help me know what credentials you are referring here ?
We have actually one environment on which we are doing our testing and the same being used by our Support team also.

Regarding the POP3 Activity Log you mentioned above, we tried to add ‘App.Settings’ file with required settings as mentioned in the link but somehow those are not working and log file is not getting generated.

Do we also need to add any specific code to generate the log file ?

Thanks.

peeyushd · 2018-07-25 10:07:46 UTC

Hi Kashif,

For your reference, I am pasting the state of SSL/TLS settings from my exchange server:

image.png (30.2 KB)

We have only enabled TLS1.2 else everything is disabled.

Thanks.

peeyushd · 2018-07-25 10:50:42 UTC

Hi Kashif,

I observed on one of another discussion thread where the user was facing the same issue of “Log File not getting generated” ( Getting timeout error while sending email through Aspose.Network) , you have mentioned a reference of some test project where we need to apply the license and it will generate the log file.
Can you please attach the same project to me which will help me to create the log file to more analyze our root issue ?

Thanks.

peeyushd · 2018-07-25 13:05:35 UTC

Hi Kashif,

This issue is very critical for us. Many of our customers have blocked because of this issue.
We have a license for ‘Aspose.Total For .Net’ with license type as "Site OEM’.
I observed there is an option to open a ticket in “Paid Support” option . Can you please help us to know if we can open a ticket to resolve this issue ?

Thanks.

kashif.iqbal · 2018-07-25 16:04:52 UTC

@peeyushd,

Please find a sample POP3 application with activity logging functionality included: WinFormPOP3ActiivtyLogging.zip (249.9 KB)

By test credentials we meant that if your server is accessible over internet, please create a test account on it and share its host address, port, username and password with us so that we can access it from our end and test it for reproducing the issue. This will help us investigate the issue for assisting you further.

Also, please make sure that the respective port is opened at your server end. You can verify this by configuring the account in Outlook and check if it works or not. We tested the API by specifying TLS 1.2 on Gmail account and it works using the following statement at the start of code:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Regarding the Paid support, please post your inquiry in Aspose.Purchase forum to get further information.

Following addition information may help us further to assist you.

version of framework
version of server
version of.NET on the client side
demonstration application which gets error on his side

peeyushd · 2018-07-26 07:03:26 UTC

Hi Kashif,

PFA the log file.
PO3_SSL_Log_2018-7-26.zip (434 Bytes)

I am not sure how this log file helps since it didn’t logged any details apart from exception statement.

Also, our server is not accessible through Internet since we have our application running on-premises so unfortunately sharing test account details won’t help here.

Also, please find the additional information you have requested:

Version of Framework ( I assume you are referring .Net framework ) = 4.5.1
Version of Server = Microsoft Exchange Server 2010.
Version of Framework on Client side = 4.5.1
We refer the same application you attached here and provide the name of our server,port,user and password while creating the POP3Client and observed the same error while retrieving the messages.

Thanks.

kashif.iqbal · 2018-07-26 08:06:25 UTC

@peeyushd,

Were you able to connect to the server using MS Outlook? i.e. without using Aspose.Email API. Because if Outlook is not able to connect to the server, it won’t be possible for the API as well to connect to the server. Please verify that and share your feedback.

peeyushd · 2018-07-26 08:39:47 UTC

Hi Kashif,

Yes, we are able to connect to the server using Outlook. We are using Outlook Web App for sending emails.
Just to update that when we enable TLS 1.0 settings in the registry all APIs works just fine but as soon as we enable TLS 1.2 and disabled rest settings ( TLS 1.0 and TLS 1.1 ) , we are seeing the exception.

We are currently seeing “Thread Time-Out” exception while getting the messages.
Even we tried to increase the time-out value in our project but the API “GetMessageCount” fails with Time-Out error after trying for 1-1.5 minutes.

Thanks.

kashif.iqbal · 2018-07-26 09:53:38 UTC

@peeyushd,

Please clarify if you are using Outlook desktop version and configured it? Outlook Web App as we understand Outlook Web App is loaded from Exchange Server and no configuration is required for that. We wanted you to configure Outlook Desktop application with server so that we are sure that it is connecting to the server successfully. Please check and confirm to us the working of any desktop client like Outlook/Thunderbird etc so that we can further look into it.

peeyushd · 2018-07-26 10:25:16 UTC

Hi Kashif,

I will check with installing Outlook desktop.
But my only concern is that APIs are working with TLS 1.0 but not for TLS 1.2.
Our customers have moved to TLS 1.2 and there facing this issue.

Thanks.

kashif.iqbal · 2018-07-26 11:13:06 UTC

@peeyushd,

Please also share the exact version of Exchange Server 2010 that you are using and the OS where it is installed. Your system administrator can provide you with this information.

peeyushd · 2018-07-27 14:20:14 UTC

Hi Kashif,

I did install Outlook client on client machine which got successfully configured with the exchange server.
I am attaching a screenshot showing that the connection is set with TLS 1.2 on server.
Connection1.zip (15.3 KB)

I have also attached a screenshot showing Exchange Server version:
Exchange_Server_Version.zip (6.8 KB)

OS on which Exchange server configured is Windows Server 2012 Standard.

I did confirm that post configuring Outlook client , I am able to connect with server and send/receive emails over TLS 1.2.

Requesting you to please guide us to resolve the API exception.

Thanks.

kashif.iqbal · 2018-07-27 16:19:46 UTC

@peeyushd,

It seems you are not using Outlook Desktop but Outlook Web Application as evident from Connection1.png file. We looked into your server details and found something related.

From your server build information: 14.03.0224.002 , we have come to know that it is update Rollup 8v2 for Exchange Server 2010 SP3 2014-Dec-12 14.03.0224.002 as can be seen from https://atthedatacenter.wordpress.com/2015/10/02/exchange-server-build-numbers/

But as per https://blogs.technet.microsoft.com/exchange/2018/01/26/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ , you need to install:

Rollup Update 19
.NET 3.5

Install SP3 RU19 in production today for TLS 1.2 support and be ready to upgrade to SP3 RU20 in production after its release if you need to disable TLS 1.0 and TLS 1.1.
Install the latest version of .NET 3.5.1 and patches.

and then test again with our API.

peeyushd · 2018-07-30 05:37:03 UTC

Good Morning Kashif,

The snapshot although I have attached is from Outlook web-app but I have verified the manual email communication using Outlook Desktop Client. I have installed it on one of different box which is properly communicating with the Exchange server. Actually I was not able to parse the TLS version from the message header that’s why I paste the snapshot from outlook web-app.

As you mentioned, I have installed SP3 RU19 for Exchange server 2010 on my exchange server machine. I haven’t yet install RU20 on it.
I have .net Framework 3.5 and 4.5 installed on my exchange server:
Framework_Versions.zip (30.7 KB)

As mentioned in “https://blogs.technet.microsoft.com/exchange/2018/01/26/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/” , I have installed all the required Windows Updates on Exchange Server and verified that update “KB3161949” exist there.

Still there is no luck with the exception, I am still seeing the same exception when calling API:
Exception.zip (24.8 KB)

Thanks for all the support you are continuously providing us.

peeyushd · 2018-07-30 06:21:31 UTC

Hello Kashif,

First of all thanks for your continuous support.

This issue is getting very critical for our customers.
As I mentioned that using Outlook Desktop, I can send/receive emails with TLS 1.2 configured on exchange server.

Can we meet on quick web-ex where I can show you my environment details and exchange server configuration to quickly resolve the issue ?

Thanks,
Peeyush

kashif.iqbal · 2018-07-30 09:11:29 UTC

@peeyushd,

Web-ex is not necessary if you are able to connect via Outlook Desktop to the server. However, if you can connect your server to internet and share its IP address and POP3 and IMAP port numbers with us, we can test the case at our end and share our findings with you. We appreciate your cooperation in this regard and will be able to help you for resolving this critical issue.