Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: Problem with TidSMTP Windows 10 SSL/TLS


This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 16 - Last Post: Jun 27, 2016 11:35 AM Last Post By: Remy Lebeau (Te...
Michel BALLASSE

Posts: 6
Registered: 3/6/12
Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 13, 2016 8:11 AM
Hi,
I'm developping a tablet application which has to send email.
This application is deployed on Windows 8 and WIndows 10 platform tablet.
I've developped a test applictaion with IdSMTP and IdSSLIOHandlerSocketOpenSSL1 components
All the components are set at running time to connect to the exchange server with the sames parameters
I'm first using the 10.5.0.5122 Indy version.
I'm yet testing with 10.6.0.0 Indy version.

The test results are :
Windows 8 : telnet OK - application OK
Windows 10 : telnet ok : application KO
I'm get this error message : SSL is unaviable on this server

I have setting all the SSL and TLS capabilites.
I'm using the same authentication email account, the same from and the same recepient for all my testes series

I have same copied the SSL dll on my application folder, in the Windows/System32 ans Windows/SysWOW64
But I don't find which DLL version to set on my windows 10 tablet.

Could you have a solution to send thsi email via Windows 10 tablet ?
Regards
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 13, 2016 11:07 AM   in response to: Michel BALLASSE in response to: Michel BALLASSE
Michel wrote:

I'm yet testing with 10.6.0.0 Indy version.

The current version is 10.6.2.5355.

I'm get this error message : SSL is unaviable on this server

That means you have set the TIdSMTP.UseTLS property to utUseExplicitTLS or
utNoTLSSupport, but the SMTP server port you have connected to does not support
the SMTP "STARTTLS" command. Try setting the UseTLS property to utUseImplicitTLS
instead.

--
Remy Lebeau (TeamB)
Michel BALLASSE

Posts: 6
Registered: 3/6/12
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 14, 2016 11:40 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Hi
Where I could download this 10.6.2.5355 version for Delphi XE6 ?
I've tried with utImplicitTLS parameter and the result is not OK.
Same error message.
Regards

Remy Lebeau (TeamB) wrote:
Michel wrote:

I'm yet testing with 10.6.0.0 Indy version.

The current version is 10.6.2.5355.

I'm get this error message : SSL is unaviable on this server

That means you have set the TIdSMTP.UseTLS property to utUseExplicitTLS or
utNoTLSSupport, but the SMTP server port you have connected to does not support
the SMTP "STARTTLS" command. Try setting the UseTLS property to utUseImplicitTLS
instead.

--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 15, 2016 11:38 AM   in response to: Michel BALLASSE in response to: Michel BALLASSE
Michel wrote:

Where I could download this 10.6.2.5355 version for Delphi XE6 ?

http://indyproject.org/Sockets/Docs/Indy10Installation.EN.aspx

http://indyproject.org/Sockets/Download/DevSnapshot.EN.aspx

https://indy.fulgan.com/ZIP/

I've tried with utImplicitTLS parameter and the result is not OK.
Same error message.

Which port number are you actually trying to connect to? And do note that
setting the UseTLS property may change the Port property, so you should
set the Port after setting the UseTLS, not the other way around, if you are
doing so. You might not be connecting to the port you are expecting.

--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Apr 15, 2016 11:35 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy wrote:

That means you have set the TIdSMTP.UseTLS property to
utUseExplicitTLS or utNoTLSSupport...

I meant utUseRequireTLS, not utNoTLSSupport.

--
Remy Lebeau (TeamB)
Adriano Macome

Posts: 56
Registered: 9/26/11
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 7:59 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Hello Remy,

I found I started to get same problem reported by Michel. I work under Rad Studio XE7 and I configure the component in this way:

SMTP.AuthType := satSASL;
SSLIOHandlerSMTP.Versions := [sbTLS1,sbTLS11,sbTLS12];
SMTP.IOHandler := SSLIOHandlerSMTP;
SMTP.UseTLS := utUseExplicitTLS;

I try to send via SMTP.LIVE.COM port 25. I get "SSL is not available on this server". On the same machine, I use MS-OUTLOOK sending to the same server, same port with TLS and it works.

If I change to utUseImplicitTLS, then I get "error connecting with SSL".

If I change to utUseImplicitTLS, then I get "SSL is not available on this server".

I also tried diferents configurations on port 465 and 587 but I always get this kind of errors.

Is something new that is making this to stop working? (This program was working very well before).

Best regards,

Adriano.
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 9:43 AM   in response to: Adriano Macome in response to: Adriano Macome
I try to send via SMTP.LIVE.COM port 25. I get "SSL is not
available on this server". On the same machine, I use MS-OUTLOOK
sending to the same server, same port with TLS and it works.

Microsoft is abandoning Live.com, and moving accounts to Outlook.com.
Maybe Outlook is aware of this and being clever.

The new servers and ports are:

pop-mail.outlook.com - SSL port 995
smtp-mail.outlook.com - SSL port 587

But you need to activate POP3 before you can use it, after migrating
your account to Outlook.com, by logging into the old web site.

Did all this earlier in the week after I got bored of POP3 errors on
pop3.live.com:

-ERR Authentication failure: unknown user name or bad password.
[Error="ProxyNotAuthenticated"

Never got SSL errors, so this may be a red herring, but you'll hit it
sooner or later when your old account dies.

Angus
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 10:27 AM   in response to: Adriano Macome in response to: Adriano Macome
Adriano wrote:

I try to send via SMTP.LIVE.COM port 25. I get "SSL is not available
on this server".

I just tried TIdSMTP on that same server and port and SSL with utUseExplicitTLS
works fine for me.

If I change to utUseImplicitTLS, then I get "error connecting with
SSL".

As you should be, since port 25 is not an implicit SSL port, that is 465
instead.

I also tried diferents configurations on port 465 and 587 but I always
get this kind of errors.

Use utUseImplicitTLS on port 465, and utUseExplicitTLS on ports 25 and 587.

--
Remy Lebeau (TeamB)
Adriano Macome

Posts: 56
Registered: 9/26/11
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 11:30 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Thank you Remy, is there any new Indy version after the one that comes in XE7 that can be installed in it?

Edited by: Adriano Macome on Jun 24, 2016 11:53 AM
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 11:50 AM   in response to: Adriano Macome in response to: Adriano Macome
Adriano wrote:

Thank you Remy, but ... what can it make it not working only
from some places?

Without a dump from a packet sniffer, I can only speculate.

In my test, I used only TLSv1 by itself, TLSv1.1 and TLSv1.2 were disabled.
Enabling multiple SSL/TLS versions together does affect how SSL/TLS handshaking
is managed. Maybe the Live server is not setup to handle that.

Outside of that, maybe the handshake failed because your SSLIOHandler settings
were not configured correctly, or maybe it is failing to load the OpenSSL
DLLs, or maybe OpenSSL itself is encountering an error. There are many possibilities,
and no information provided to narrow it down.

--
Remy Lebeau (TeamB)
Adriano Macome

Posts: 56
Registered: 9/26/11
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 12:12 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Hi Ramy; Setting it for TLSv1 only, did de trick. Thank you. Now my question is ... how will my application to know what SSL or TLS version will be needed when the final user change the configuration to use other servers?. Or is it enough to use TLSv1 for any configuration?
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 12:46 PM   in response to: Adriano Macome in response to: Adriano Macome
Adriano wrote:

Now my question is ... how will my application to know what
SSL or TLS version will be needed when the final user change
the configuration to use other servers?

It can't know, unless you allow the user to configure that in your code.

Or is it enough to use TLSv1 for any configuration?

For now, most servers still support TLS 1.0, but you don't know if the server
is using TLSv1 specifically, or is using SSLv23 with TLSv1+TLSv1.1+TLSv1.2
enabled. Those configurations require different handshakes on the wire,
and Indy can only handle one type of handshake at a time. You will have
to try different configurations until one succeeds.

--
Remy Lebeau (TeamB)
Adriano Macome

Posts: 56
Registered: 9/26/11
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 12:31 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Hi Remy,

After sending to you my last reply, I noted that TElClientIndySSLIOHandlerSocket, by default, is configured in the object inspector with all the posibles versions: [sbSSL2,sbSSL3,sbTLS1,sbTLS11,sbTLS12].

So I tried to use the component with this default and it works very well for smtp.live.com at port 25 with TLS.

Crazy ....
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 1:01 PM   in response to: Adriano Macome in response to: Adriano Macome
Adriano wrote:

After sending to you my last reply, I noted that
TElClientIndySSLIOHandlerSocket, by default, is configured
in the object inspector with all the posibles versions:
[sbSSL2,sbSSL3,sbTLS1,sbTLS11,sbTLS12].

If multiple versions are enabled, Indy uses SSLv23 to perform version negotiation.
If the server is also using SSLv23 to support version negotiation, the connection
can succeed. But if the server does not use SSLv23, the connection would
fail. In which case, you have to use the same single version that the server
is using so the handshakes will match.

So I tried to use the component with this default and it works
very well for smtp.live.com at port 25 with TLS.

Like I said earlier, I was able to connect to live.com on port using TLSv1
by itself, not SSLv23. Why enabling SSLv2 and SSLv3 makes a difference for
you, I don't know. Maybe your OpenSSL is having a problem with TLS but is
able to connect using SSLv3 instead. Who knows. I can't see what your system
is transmitting over the wire.

--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 24, 2016 12:41 PM   in response to: Adriano Macome in response to: Adriano Macome
Adriano wrote:

is there any new Indy version after the one that
comes in XE7 that can be installed in it?

Of course. Each new Delphi release has included a new version of Indy.
The SVN snapshot still supports all the way back to Delphi 5.

--
Remy Lebeau (TeamB)
Adriano Macome

Posts: 56
Registered: 9/26/11
Re: Problem with TidSMTP Windows 10 SSL/TLS [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 27, 2016 10:33 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Hi Remy

Just for general knowledge, let me add that it is very clear that something changed in some mail providers (or I don´t know where), as we started at friday getting lots of questions about the case, but we didn´t changed anything. More: some customers that are reporting this, are using a version of our software, that was finished 3 years ago. Most of them are having problems with GMail.

Best regards,

Adriano.
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Problem with TidSMTP Windows 10 SSL/TLS [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Jun 27, 2016 11:35 AM   in response to: Adriano Macome in response to: Adriano Macome
Adriano wrote:

Just for general knowledge, let me add that it is very clear that
something changed in some mail providers (or I don´t know where), as
we started at friday getting lots of questions about the case, but we
didn´t changed anything. More: some customers that are reporting this,
are using a version of our software, that was finished 3 years ago.
Most of them are having problems with GMail.

The latest version of Indy with the latest version of OpenSSL works with
GMail. I tested it on my own account and it works fine.

--
Remy Lebeau (TeamB)
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02