Mailing List CGatePro@mail.stalker.com Message #106405
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: SMTP and TLS 1.2
Date: Thu, 11 May 2017 22:27:50 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Makes sense, thanks a lot. I will try that.

Nicolas Hatier, ing. <nicolas.hatier@niversoft.com>
Niversoft idées logicielles - http://www.niversoft.com



On 2017-05-11 16:07, Ralf Zenklusen, BAR Informatik AG wrote:

Hi Nicolas,

well, Dmitry wrote in 2015:

TLS in outgoing SMTP sessions is constrained to version 1.0 because of potential problems negotiating 1.1 and up with older SSL/TLS implementations. If you sure that negotiating 1.1. or 1.2 won't cause problems with remote servers, you can add --SMTPOutgoingTLSVersion 2 or --SMTPOutgoingTLSVersion 3 to startup options list to allow negotiation of TLS 1.1 and 1.2, respectively.

 

Not sure if this is still valid.

But obviously on my whishlist is “send plain if SSL/TLS negotiation fails”.

We shurly need to go in that direction…

 

 

Kind regards

Ralf

 

 

 

Von: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] Im Auftrag von Nicolas Hatier
Gesendet: Donnerstag, 11. Mai 2017 18:59
An: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Betreff: SMTP and TLS 1.2

 


Hello.

Can CGP send using TLS 1.2 when forwarding mail to a smarthost? (SMTP / Sending , Forward to...)

My client's ISP tells me TLS 1.2 is enabled on their server and they are going to retire 1.0 within a few months.
Send Encrypted (at the bottom of the same page) is configured properly.

However, in the logs, the TLS version used always seems to be 1.0:

12:32:03.191 2 TLS-000006 created(TLSv1.0,ECDHE_AES256_SHA) -> [x.x.x.x]:587 for SMTP-000007
12:32:03.277 4 SMTP-000007(*) TLS-000006 secure(ECDHE_AES256_SHA) connection opened


I don't know enough about TLS to be sure whether or not the issue is on CGP side or on the ISP side.

Thanks.

--

Nicolas Hatier, ing. <nicolas.hatier@niversoft.com>
Niversoft idées logicielles - http://www.niversoft.com


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster