1
SmarterMail 14.2.5704 TLS 1.2 Support (Almost...) but trips up on the new Cipher Suites
Problem reported by James Grangeia - August 17, 2015 at 8:45 PM
Resolved
So the good news is that this version will indeed support negotiating TLS1.2 !!!  That is awesome and thank you developers!
 
The bad news is that when you install a Cert with a SHA 256 Hash and it negotiates with a SMTP server that utilizes a newer TLS 1.2 cipher suite such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 will cause the following error:
 
[2015.08.18] 03:19:55 [x.x.x.x][X] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
[2015.08.18]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting, Log log, String sessionId)
[2015.08.18]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting)
[2015.08.18]    at MailService.TcpServerLib.SMTP.SMTPSession.#W8()
 
Basically it will negotiate TLS 1.2 just fine but if it is asked to use a cipher suite introduced with TLS 1.2 it breaks down and cries uncle...
 
 

4 Replies

Reply to Thread
0
Bruce Barnes Replied
August 17, 2015 at 9:01 PM
CONFIRMED:
 
[2015.08.17] 02:56:47 [141.212.122.59][1311964] rsp: 220 securemail.chicagonettech.com  Mon, 17 Aug 2015 07:56:47 +0000 UTC | SmarterMail Enterprise 14.2.5704.15544
[2015.08.17] 02:56:47 [141.212.122.59][1311964] connected at 8/17/2015 2:56:47 AM
[2015.08.17] 02:56:47 [141.212.122.59][1311964] cmd: EHLO eecs.umich.edu
[2015.08.17] 02:56:47 [141.212.122.59][1311964] rsp: 250-securemail.chicagonettech.com Hello [141.212.122.59]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2015.08.17] 02:56:47 [141.212.122.59][1311964] cmd: STARTTLS
[2015.08.17] 02:56:47 [141.212.122.59][1311964] rsp: 220 Start TLS negotiation
[2015.08.17] 02:56:47 [141.212.122.59][1311964] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
[2015.08.17] 02:56:47 [141.212.122.59][1311964] disconnected at 8/17/2015 2:56:47 AM
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Joe Wolf Replied
August 18, 2015 at 5:05 PM
i was able to verify this as well.  Way too many of them for my liking.  I had to disable TLS 1.2 for now.
 
-Joe
Thanks,
-Joe
2
Matt Petty Replied
August 21, 2015 at 3:10 PM
Employee Post
We have fixed this and it is in today's minor release.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Bruce Barnes Replied
August 21, 2015 at 5:09 PM
Latest build installed and fix confirmed.
 
Thanks, SmarterTools!
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread