IMAP Gmail OAuth return "Could not create SSL/TLS secure channel."

0 votes
asked Oct 13, 2016 by pilouk (520 points)
retagged Nov 17, 2016 by Tomas Knopp

We are using framework 4.0 and have implemented the OAuth Gmail from this post : http://blog.rebex.net/howto-authenticate-gmail-rebex-oauth/

We have a weird issue that both function GetEmail or GetAccessToken actually work but sometimes it just failed with request error : "Could not create SSL/TLS secure channel.". It seem random but when it failed i need to restart my app to get it to work again.
I added a delegate ServicePointManager.ServerCertificateValidationCallback that always return true but the request failed from time to time.

EDIT : I found the problem and i think DEV should check it out.
My application create a session imap each time a window form is created which is the Inbox form.
The GetEmail Or GetAccessToken failed only after i use the IMAP library function like GetMailMessage. Here's why : It's seem that one of your function im guessing GetMAilMessage seems to reset or set ServicePointManager.SecurityProtocol other than tls which cause this request error when i try to open another session with the oauth function.
I fixed this by setting ServicePointManager.ServerCertificateValidationCallback and ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls in GetEmail and GetAccessToken before the query

Applies to: Rebex Secure Mail

2 Answers

0 votes
answered Oct 13, 2016 by pilouk (520 points)
 
Best answer

I fixed this by setting ServicePointManager.ServerCertificateValidationCallback and ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls in GetEmail and GetAccessToken before the query

+1 vote
answered Oct 13, 2016 by Lukas Pokorny (85,590 points)

I originally wanted to write that the "Could not create SSL/TLS secure channel" error message doesn't seem to come from Rebex libraries and ask for a communication log, but I noticed your update before posting that.

However, none of Rebex components actually uses .NET's ServicePointManager - not even our multi-platform TLS/SSL library. I can say for sure that Imap object's GetMailMessage does not change anything in ServicePointManager either.

Of course, our sample application uses Google's assemblies for OAuth. Those assemblies most likely uses .NET's HttpWebRequest for HTTPS communication, and that relies on ServicePointManager. However, if anything is changing its properties, it is almost certainly not a Rebex assembly.

commented Oct 13, 2016 by pilouk (520 points)
Ok thank you i will check further!
commented Oct 13, 2016 by Lukas Pokorny (85,590 points)
Thanks, and please let us know if you discover anything. We will try looking into this as well. Regardless the source of this issue, we would like to fix it to make our sample app better!
...