jstedfast / MailKit

A cross-platform .NET library for IMAP, POP3, and SMTP.
http://www.mimekit.net
MIT License
6.21k stars 824 forks

Suddenly all communication between MailKit development and server government stops #1657

Closed rvandeweyer closed 1 year ago

rvandeweyer commented 1 year ago

Describe the bug

We use MailKit to send messages to a POP3 system (owned by government). Suddenly at 9 am in the morning the solution cannot connect anymore. I enclose the log file, which doesn't mean anything to me...

    Connected to pop://url:110/?starttls=always
    S: +OK POP3 ready
    C: CAPA
    S: +OK Capability list follows
    S: TOP
    S: UIDL
    S: STLS
    S: .
    C: STLS
    S: +OK

Platform (please complete the following information):

Exception

    MailKit.Security.SslHandshakeException
    HResult=0x80131500
    Message=An error occurred while attempting to establish an SSL or TLS connection.

This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:

  1. The server is using a self-signed certificate which cannot be verified.
  2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
  3. A Certificate Authority CRL server for one or more of the certificates in the chain is temporarily unavailable.
  4. The certificate presented by the server is expired or invalid.
  5. The set of SSL/TLS protocols supported by the client and server do not match.

See https://github.com/jstedfast/MailKit/blob/master/FAQ.md#ssl-handshake-exception for possible solutions.

    Source=MailKit
    Inner Exception 1: AuthenticationException: Authentication failed, see inner exception.
    Inner Exception 2: Win32Exception: The function requested is not supported

To Reproduce

    using MailKit.Net.Pop3;
    using MailKit.Security;

    using (var client = new Pop3Client(new ProtocolLogger("pop3.log")))
    {
        // Restricts the client to TLS v1.0 only
        client.SslProtocols = System.Security.Authentication.SslProtocols.Tls;
        client.AuthenticationMechanisms.Remove("XOAUTH2");
        // Accepts any server certificate without validation
        client.ServerCertificateValidationCallback = (s, c, h, e) => true;

        client.Connect(_emailConfigurationDMS.PopServer, 110, SecureSocketOptions.StartTls); // <-- ERROR
        ...
    }

Thanks for your thoughts on this !!!

Best R./

rvandeweyer commented 1 year ago

I found a solution when I removed this line: client.SslProtocols = System.Security.Authentication.SslProtocols.Tls;

Then suddenly I have a connection. What I do not understand is how this is possible after years of well functioning, now suddenly this is a blocking issue? Especially when the Government tells me that nothing has been changed!

Thanks R/

jstedfast commented 1 year ago

They likely updated their SSL/TLS software which changed which version(s) of SSL/TLS their server supported.

System.Security.Authentication.SslProtocols.Tls is TLS v1.0 which has been unsecure for 10 years now. You should have never been using that.

The recommended TLS versions that should be used for secure communication now are TLS v1.2 and TLS v1.3. Anything older is considered not secure.
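
Added example, not part of the thread and not MailKit project code: a small diagnostic that offers each TLS version on its own over POP3 STARTTLS and reports which ones still complete a handshake, which is how a protocol mismatch like the one above can be confirmed. The host name and port are placeholders, `Pop3TlsProbe` is a hypothetical name, and `SslProtocols.Tls13` assumes a runtime that defines it (.NET Core 3.0+ or .NET Framework 4.8).

```csharp
// Added example (not MailKit project code). Host and port are placeholders.
using System;
using System.Security.Authentication;
using MailKit.Net.Pop3;
using MailKit.Security;

static class Pop3TlsProbe
{
    // Each version is offered alone so the output shows exactly which ones
    // this client/server pair can still negotiate. TLS 1.0/1.1 are listed
    // for diagnosis only; newer .NET versions flag them as obsolete.
    static readonly SslProtocols[] Versions =
    {
        SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12, SslProtocols.Tls13
    };

    static string Probe(string host, int port, SslProtocols version)
    {
        using (var client = new Pop3Client())
        {
            client.SslProtocols = version; // certificate validation stays at its default
            try
            {
                client.Connect(host, port, SecureSocketOptions.StartTls);
                var negotiated = client.SslProtocol; // version actually negotiated
                client.Disconnect(true);
                return "accepted (negotiated " + negotiated + ")";
            }
            catch (SslHandshakeException ex)
            {
                // The innermost exception carries the platform's own reason,
                // e.g. the Win32Exception text seen in the report above.
                return "handshake failed: " + ex.GetBaseException().Message;
            }
            catch (Exception ex)
            {
                return "error: " + ex.GetType().Name + ": " + ex.Message;
            }
        }
    }

    static void Main()
    {
        const string host = "pop.example.org"; // placeholder, use your own server
        const int port = 110;
        foreach (var version in Versions)
            Console.WriteLine(version + ": " + Probe(host, port, version));
    }
}
```

A failed handshake for an old version can also come from the client side, since the local operating system may have that version disabled, so compare results from the affected machine with the server's documented configuration.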