Error while connecting with TLS 1.1 and TLS 1.2 via IMAP4/POP3

@peeyushd,

Please find a sample POP3 application with activity logging functionality included: WinFormPOP3ActiivtyLogging.zip (249.9 KB)

By test credentials we meant that if your server is accessible over internet, please create a test account on it and share its host address, port, username and password with us so that we can access it from our end and test it for reproducing the issue. This will help us investigate the issue for assisting you further.

Also, please make sure that the respective port is opened at your server end. You can verify this by configuring the account in Outlook and check if it works or not. We tested the API by specifying TLS 1.2 on Gmail account and it works using the following statement at the start of code:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Regarding the Paid support, please post your inquiry in Aspose.Purchase forum to get further information.

Following addition information may help us further to assist you.

  • version of framework
  • version of server
  • version of.NET on the client side
  • demonstration application which gets error on his side

Hi Kashif,

PFA the log file.
PO3_SSL_Log_2018-7-26.zip (434 Bytes)

I am not sure how this log file helps since it didn’t logged any details apart from exception statement.

Also, our server is not accessible through Internet since we have our application running on-premises so unfortunately sharing test account details won’t help here.

Also, please find the additional information you have requested:

  1. Version of Framework ( I assume you are referring .Net framework ) = 4.5.1
  2. Version of Server = Microsoft Exchange Server 2010.
  3. Version of Framework on Client side = 4.5.1
  4. We refer the same application you attached here and provide the name of our server,port,user and password while creating the POP3Client and observed the same error while retrieving the messages.

Thanks.

@peeyushd,

Were you able to connect to the server using MS Outlook? i.e. without using Aspose.Email API. Because if Outlook is not able to connect to the server, it won’t be possible for the API as well to connect to the server. Please verify that and share your feedback.

Hi Kashif,

Yes, we are able to connect to the server using Outlook. We are using Outlook Web App for sending emails.
Just to update that when we enable TLS 1.0 settings in the registry all APIs works just fine but as soon as we enable TLS 1.2 and disabled rest settings ( TLS 1.0 and TLS 1.1 ) , we are seeing the exception.

We are currently seeing “Thread Time-Out” exception while getting the messages.
Even we tried to increase the time-out value in our project but the API “GetMessageCount” fails with Time-Out error after trying for 1-1.5 minutes.

Thanks.

@peeyushd,

Please clarify if you are using Outlook desktop version and configured it? Outlook Web App as we understand Outlook Web App is loaded from Exchange Server and no configuration is required for that. We wanted you to configure Outlook Desktop application with server so that we are sure that it is connecting to the server successfully. Please check and confirm to us the working of any desktop client like Outlook/Thunderbird etc so that we can further look into it.

Hi Kashif,

I will check with installing Outlook desktop.
But my only concern is that APIs are working with TLS 1.0 but not for TLS 1.2.
Our customers have moved to TLS 1.2 and there facing this issue.

Thanks.

@peeyushd,

Please also share the exact version of Exchange Server 2010 that you are using and the OS where it is installed. Your system administrator can provide you with this information.

Hi Kashif,

I did install Outlook client on client machine which got successfully configured with the exchange server.
I am attaching a screenshot showing that the connection is set with TLS 1.2 on server.
Connection1.zip (15.3 KB)

I have also attached a screenshot showing Exchange Server version:
Exchange_Server_Version.zip (6.8 KB)

OS on which Exchange server configured is Windows Server 2012 Standard.

I did confirm that post configuring Outlook client , I am able to connect with server and send/receive emails over TLS 1.2.

Requesting you to please guide us to resolve the API exception.

Thanks.

@peeyushd,

It seems you are not using Outlook Desktop but Outlook Web Application as evident from Connection1.png file. We looked into your server details and found something related.

From your server build information: 14.03.0224.002 , we have come to know that it is update Rollup 8v2 for Exchange Server 2010 SP3 2014-Dec-12 14.03.0224.002 as can be seen from Exchange Server build numbers – AtTheDataCenter

But as per https://blogs.technet.microsoft.com/exchange/2018/01/26/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/ , you need to install:

  • Rollup Update 19
  • .NET 3.5

Install SP3 RU19 in production today for TLS 1.2 support and be ready to upgrade to SP3 RU20 in production after its release if you need to disable TLS 1.0 and TLS 1.1.
Install the latest version of .NET 3.5.1 and patches.

and then test again with our API.

Good Morning Kashif,

The snapshot although I have attached is from Outlook web-app but I have verified the manual email communication using Outlook Desktop Client. I have installed it on one of different box which is properly communicating with the Exchange server. Actually I was not able to parse the TLS version from the message header that’s why I paste the snapshot from outlook web-app.

As you mentioned, I have installed SP3 RU19 for Exchange server 2010 on my exchange server machine. I haven’t yet install RU20 on it.
I have .net Framework 3.5 and 4.5 installed on my exchange server:
Framework_Versions.zip (30.7 KB)

As mentioned in “https://blogs.technet.microsoft.com/exchange/2018/01/26/exchange-server-tls-guidance-part-1-getting-ready-for-tls-1-2/” , I have installed all the required Windows Updates on Exchange Server and verified that update “KB3161949” exist there.

Still there is no luck with the exception, I am still seeing the same exception when calling API:
Exception.zip (24.8 KB)

Thanks for all the support you are continuously providing us.

Hello Kashif,

First of all thanks for your continuous support.

This issue is getting very critical for our customers.
As I mentioned that using Outlook Desktop, I can send/receive emails with TLS 1.2 configured on exchange server.

Can we meet on quick web-ex where I can show you my environment details and exchange server configuration to quickly resolve the issue ?

Thanks,
Peeyush

@peeyushd,

Web-ex is not necessary if you are able to connect via Outlook Desktop to the server. However, if you can connect your server to internet and share its IP address and POP3 and IMAP port numbers with us, we can test the case at our end and share our findings with you. We appreciate your cooperation in this regard and will be able to help you for resolving this critical issue.

Hi kashif,

Unfortunately as I mentioned our server is not on Internet so sharing IP can’t help.
Can you please help us to share your views regarding failure of API ?

Thanks.

@peeyushd,

Unfortunately, further details are not available with us about the exact reason for this behaviour. We have logged this issue as EMAILNET-39067 for further investigation at our end and will update you here once there is some information available in this regard.

Hello Kashif,

Just wanted to update you that the issue now has been resolved by updating the exchange server configurations. We found few more configurations upgrade which we performed on the server which now resolved the issue.
Now our application is communicating the server over TLS 1.2 and all POP3 and IMAP APIs are working fine.

Thanks for all the support you provided.
Highly appreciated !!

Thanks.

@peeyushd,

That’s indeed good news to hear. If you are satisfied, should we close the issue ticket at our end? You can also share the configuration details with us here for further reference of other users if you think so.

Thanks Kasif,

Sure you can now close the ticket.
I will definitely get the configuration details and shared those.

Thanks.

You are welcome.

Hello.
It seems like we have the same situation. Could you please share you configuration details or write the root points for checking.
Thank you

@cap.aspose,

The setting was in fact done by @peeyushd on his end. @peeyushd can you please be kind enough to share your feedback related to configurations on your end.