SmarterMail 14.2.5704 TLS 1.2 Support (Almost...) but trips up on the new Cipher Suites
Problem reported by James Grangeia - 8/17/2015 at 8:45 PM
Resolved
So the good news is that this version will indeed support negotiating TLS1.2 !!!  That is awesome and thank you developers!
 
The bad news is that when you install a cert with a SHA-256 hash and it negotiates with an SMTP server that utilizes a newer TLS 1.2 cipher suite such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256, it will cause the following error:
 
[2015.08.18] 03:19:55 [x.x.x.x][X] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
[2015.08.18]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting, Log log, String sessionId)
[2015.08.18]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting)
[2015.08.18]    at MailService.TcpServerLib.SMTP.SMTPSession.#W8()
 
Basically it will negotiate TLS 1.2 just fine but if it is asked to use a cipher suite introduced with TLS 1.2 it breaks down and cries uncle...
 
 
Bruce Barnes Replied
CONFIRMED:
 
[2015.08.17] 02:56:47 [141.212.122.59][1311964] rsp: 220 securemail.chicagonettech.com  Mon, 17 Aug 2015 07:56:47 +0000 UTC | SmarterMail Enterprise 14.2.5704.15544
[2015.08.17] 02:56:47 [141.212.122.59][1311964] connected at 8/17/2015 2:56:47 AM
[2015.08.17] 02:56:47 [141.212.122.59][1311964] cmd: EHLO eecs.umich.edu
[2015.08.17] 02:56:47 [141.212.122.59][1311964] rsp: 250-securemail.chicagonettech.com Hello [141.212.122.59]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2015.08.17] 02:56:47 [141.212.122.59][1311964] cmd: STARTTLS
[2015.08.17] 02:56:47 [141.212.122.59][1311964] rsp: 220 Start TLS negotiation
[2015.08.17] 02:56:47 [141.212.122.59][1311964] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
[2015.08.17] 02:56:47 [141.212.122.59][1311964] disconnected at 8/17/2015 2:56:47 AM
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
Bruce Barnes Replied
Good catch, James!
Joe Wolf Replied
I was able to verify this as well.  Way too many of them for my liking.  I had to disable TLS 1.2 for now.
 
-Joe
Thanks, -Joe
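Added example (not part of the original thread and not SmarterTools code): one way to count the failed STARTTLS handshakes reported above, per remote IP, from an SMTP log in the format shown in the posts. The function name, the documentation IP addresses, and the session ids in the sample are constructed for illustration.

```python
import re
from collections import Counter

# "[date] time [remote-ip][session-id] message", as in the log excerpts above.
LINE_RE = re.compile(r"^\[(\d{4}\.\d{2}\.\d{2})\] (\d{2}:\d{2}:\d{2}) \[([^\]]+)\]\[([^\]]+)\] (.*)$")
TLS_ERROR = "Exception negotiating TLS session"

def failed_starttls(lines):
    """Return (failures per IP, failed sessions) for sessions that sent
    STARTTLS and then logged the TLS negotiation exception.
    Stack-trace lines ("[date]    at ...") have no IP/session and are skipped."""
    started = set()   # (ip, session) pairs that have issued STARTTLS
    failures = []     # (date, time, ip, session) per failed handshake
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        date, time, ip, session, msg = m.groups()
        key = (ip, session)
        if msg.startswith("cmd: STARTTLS"):
            started.add(key)
        elif msg.startswith(TLS_ERROR) and key in started:
            failures.append((date, time, ip, session))
            started.discard(key)
    return Counter(f[2] for f in failures), failures

# Constructed sample log (documentation IPs, made-up session ids).
SAMPLE = """\
[2015.08.17] 02:56:47 [192.0.2.10][1001] cmd: EHLO client.example
[2015.08.17] 02:56:47 [192.0.2.10][1001] cmd: STARTTLS
[2015.08.17] 02:56:47 [192.0.2.10][1001] rsp: 220 Start TLS negotiation
[2015.08.17] 02:56:47 [192.0.2.10][1001] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
[2015.08.17]    at MailService.TcpServerLib.Common.PooledTcpItem.ConvertToSSL(IPBindingPort setting)
[2015.08.17] 02:56:47 [192.0.2.10][1001] disconnected at 8/17/2015 2:56:47 AM
[2015.08.17] 03:10:02 [198.51.100.7][1002] cmd: STARTTLS
[2015.08.17] 03:10:02 [198.51.100.7][1002] rsp: 220 Start TLS negotiation
[2015.08.17] 03:10:03 [198.51.100.7][1002] cmd: EHLO other.example
[2015.08.17] 03:12:40 [192.0.2.10][1003] cmd: STARTTLS
[2015.08.17] 03:12:40 [192.0.2.10][1003] Exception negotiating TLS session: System.NullReferenceException: Object reference not set to an instance of an object.
""".splitlines()

if __name__ == "__main__":
    counts, sessions = failed_starttls(SAMPLE)
    for ip, n in counts.most_common():
        print(f"{ip}: {n} failed TLS handshake(s)")
```

Running it against a day's log before and after a build change shows whether the handshake failures have actually stopped and which remote servers were affected.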
Matt Petty Replied
Employee Post
We have fixed this and it is in today's minor release.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
Bruce Barnes Replied
Latest build installed and fix confirmed.
 
Thanks, SmarterTools!
