Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
Problem reported by Neil Colvin - June 24, 2015 at 4:18 PM
Submitted
When TLS is enabled, the following occurs on EVERY STARTTLS command received.  Only solution is to disable TLS.
This is 14.0.5647.
 
[2015.06.24] 10:49:37 [198.21.5.86][24343486] cmd: STARTTLS
[2015.06.24] 10:49:37 [198.21.5.86][24343486] rsp: 220 Start TLS negotiation
[2015.06.24] 10:49:37 [198.21.5.86][24343486] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
[2015.06.24]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting, Log log, String sessionId)
[2015.06.24]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting)
[2015.06.24]    at MailService.TcpServerLib.SMTP.SMTPSession.#W8()
 

8 Replies

Reply to Thread
0
Did you properly export the SmarterMail CER file, mapping it to port 25 and 587 (port 25 for MX to MX traffic, and port 587 for client to MX ttaffic)? Are you running under IIS? Did you properly add the primarily, and secondary certificates to the operating system SSL store?
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
I followed these instructions exactly:
 
portal.smartertools.com/kb/a2671/configure-ssl-tls-to-secure-smartermail.aspx
 
They do not mention most of the steps you mention in your post :(
 
I am running under IIS 7
 
 
0
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
I had done all that.  That was when I got the exception.  I have removed the TLS from the ports, and all works perfectly.
0
Matt Petty Replied
Employee Post
SmarterMail 14 supports .pfx files for setting up your SSL for your ports. It might be worth giving that a shot.

When you put the .pfx file in you should see a password field get added to that window, if you have given your .pfx file a password then your going to need to enter it into that field.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
I just worked on one of these cases for a company in Pittsburgh Pennsylvania, and it turned out to be three issues:
 
  1. the CER file had not been properly exported
  2. the SECONDARY certificates had not been added to the SSL store
  3. the proper certificate had not been mapped to SSL
There is a whole lot more to this than just the SmarterMail portion.
 
additionally, all SSL ciphers are now depreciated and only TLS is allowed, so TLS 1.0, TLS 1.1, and TLS 1.2 must, depending on the capability of the operating system version, have been properly enabled.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
This is Windows Server 2008 R2.
 
All of the "Test Certificate" ran correctly.
 
The instructions only refer to a single certificate ???
0
Test your MAIL SERVER's fully qualified domain name, IE: mail.yourdomain.com, against this URL and see how it reports:
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread