TlsException: Fatal error 'ProtocolVersion'

0 votes
asked Jan 16, 2013 by Paul Ben (160 points)
edited Jan 18, 2013

Hello,

I am trying to send email wia SMTP. When I call method Connect, I have this error:

Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been encountered on the local connection end. ---> Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been encountered on the local connection end.
   at gbMKS.1UaphuZ.JZ4YLZ()
   at gbMKS.1UaphuZ.1rsOcLZ()
   --- End of inner exception stack trace ---
   at gbMKS.1UaphuZ.1rsOcLZ()
   at gbMKS.1UaphuZ.qzm1d()
   at Rebex.Net.TlsSocket.Negotiate()
   at gbMKS.1AUbEZ.sjyGnZ(TlsParameters )
   at Rebex.Net.Smtp.Connect(String serverName, Int32 serverPort, TlsParameters parameters, SmtpSecurity security)
   at SMTPTest.MainForm.btnTest_Click(Object sender, EventArgs e) in C:\Projects\Personal\SMTPTest\SMTPTest\SMTPTest\MainForm.cs:line 121

Error data [TlsException.GetData(null)]: 220

I am using Rebex Secure SMTP for .NET (2.0.4444.0).

SMTP server is Microsoft Exchange in Clound.

Server has these requirements:

  • Port 25.
  • Security TLS 1.1 (IMPLICIT).
  • Authentication method NTLM.

My code:

using (Smtp client = new Smtp())
{
    MailMessage message = new MailMessage();
    try
    {
        message.From = "my@domain.com"; // I am using real address
        message.To = "example@otherdomain.com"; // I am using real address
        message.Subject = "TEST";
        message.BodyText = "Congratulations. This email was successfully sent.";
        TlsParameters tlsParameters = new TlsParameters();
        tlsParameters.Version = TlsVersion.TLS11;
        tlsParameters.AllowedSuites = TlsCipherSuite.All;
        tlsParameters.CertificateVerifier = CertificateVerifier.AcceptAll;
        tlsParameters.CommonName = "smtp.myserver.com"; // I am using real SMTP server
        client.Connect("smtp.myserver.com", 25, tlsParameters, SmtpSecurity.Implicit);
        client.Login(SmtpAuthentication.Ntlm);
        client.Send(message);
    }
    finally
    {
        client.Disconnect();
    }
}

In Microsoft Outlook SMTP with these settings works fine, in my case fails. I tried more options (TLS 1.0, SSL, SmtpSecurity.Explicit) but without result.

With other settings I have these errors:

Rebex.Net.SmtpException: Explicit TLS/SSL is not supported by the SMTP server.
   at Rebex.Net.Smtp.1I1Vik(TlsParameters )
   at Rebex.Net.Smtp.Connect(String serverName, Int32 serverPort, TlsParameters parameters, SmtpSecurity security)
   at SMTPTest.MainForm.btnTest_Click(Object sender, EventArgs e) in C:\Projects\Personal\SMTPTest\SMTPTest\SMTPTest\MainForm.cs:line 121

OR

Rebex.Net.TlsException: Disallowed TLS/SSL protocol version. ---> Rebex.Net.TlsException: Disallowed TLS/SSL protocol version.
   at gbMKS.QsaHcZ.RYVUe(Byte[] , Int32 , Int32 , 1RjReZZ )
   at gbMKS.QsaHcZ.OnHandshakeReceived(Byte[] buffer, Int32 offset, Int32 count)
   at gbMKS.1UaphuZ.2YjOc(Byte[] , Int32 , Int32 )
   at gbMKS.1UaphuZ.1rsOcLZ()
   --- End of inner exception stack trace ---
   at gbMKS.1UaphuZ.1rsOcLZ()
   at gbMKS.1UaphuZ.qzm1d()
   at Rebex.Net.TlsSocket.Negotiate()
   at gbMKS.1AUbEZ.sjyGnZ(TlsParameters )
   at Rebex.Net.Smtp.1I1Vik(TlsParameters )
   at Rebex.Net.Smtp.Connect(String serverName, Int32 serverPort, TlsParameters parameters, SmtpSecurity security)
   at SMTPTest.MainForm.btnTest_Click(Object sender, EventArgs e) in C:\Projects\Personal\SMTPTest\SMTPTest\SMTPTest\MainForm.cs:line 121

Thank You for any suggestion.

3 Answers

0 votes
answered Jan 17, 2013 by Lukas Pokorny (94,350 points)
edited Jan 17, 2013

Error data of "220 " indicate that this is not TLS/SSL in implicit mode for sure, but either explicit or unsecure mode. This is further backed up by the fact that SMTP servers running at port 25 are not supposed to be secured using implicit TLS/SSL. It looks like the requirements listed above are not entirely correct.

Out of the two other error logs, the last one ("Disallowed TLS/SSL protocol version") seems to be the only one where the TLS negotiation actually started. Which settings did you used that time?

Also, would it be possible to let us know the actual server address? We could then try connecting ourselves and determine the proper settings. We don't need any credentials, just the server address - you can mail it to support@rebex.net if you don't wish to expose it in the forum.

0 votes
answered Jan 18, 2013 by Paul Ben (160 points)
edited Jan 18, 2013

Thanks for your answer.

If I use SmtpSecurity.Unsecure (without TLS/SSL) then all works fine. For technical support of my client, which I implement this solution, this is unacceptable. Insecure access is allowed only temporarily. Technical support claims that the secure connection through TLS 1.1 on port 25 works fine in other applications. Smtp servers are "smtp.rdm.cz" or "srvhk503.rdm.cz". Thank you so much.

Rebex.Net.TlsException: Disallowed TLS/SSL protocol version:

  • SmtpSecurity.Explicit
  • TlsVersion.TLS11
  • TlsCipherSuite.All

Rebex.Net.SmtpException: Explicit TLS/SSL is not supported by the SMTP server:

  • SmtpSecurity.Explicit
  • TlsVersion.TLS10
  • TlsCipherSuite.All

==================

  • SmtpSecurity.Explicit
  • TlsVersion.TLS10
  • TlsCipherSuite.All
  • EnabledExtensions ^= SmtpExtensions.ExplicitSecurity

Rebex.Net.TlsException: Fatal error 'ProtocolVersion' has been encountered on the local connection end:

  • SmtpSecurity.Implicit
  • TlsVersion.TLS10
  • TlsCipherSuite.All

==================

  • SmtpSecurity.Implicit
  • TlsVersion.TLS10
  • TlsCipherSuite.All
  • EnabledExtensions ^= SmtpExtensions.ExplicitSecurity

==================

  • SmtpSecurity.Implicit
  • TlsVersion.TLS11
  • TlsCipherSuite.All
0 votes
answered Jan 18, 2013 by Lukas Pokorny (94,350 points)
edited Jan 18, 2013

Unfortunately, it doesn't seem to be possible to resolve the "smtp.rdm.cz" or "srvhk503.rdm.cz" hostnames (and I tried from several different locations). Can you use the command line 'ping' utility to resolve them to an IP addresses and post those instead? That might work for us. Thanks!

I found an SMTP server at gun.rdm.cz, but that's most likely different from the one you use because the following code works fine:

        Smtp smtp = new Smtp();
        smtp.Settings.SslAcceptAllCertificates = true;
        smtp.Settings.SslAllowedSuites = TlsCipherSuite.All;
        smtp.Settings.SslAllowedVersions = TlsVersion.TLS10;
        smtp.Connect("gun.rdm.cz", 25, SslMode.Explicit);
...