Replacing SMTPSecureSocket? MBS? Need TLS 1.3

General
1

Hi everyone,

I have a project that needs to replace SMTPSecureSocket because of the Office 365 failures and the need for TLS 1.3

Does anyone have experience or suggestions to go about doing this? The more “drop in” the better. Plugins are acceptable.

Pinging the email queen @Beatrix_Willius

Thanks for any input!
Tim

2

The Chilkat plugin supports TLS 1.3. See MailMan Xojo Plugin Reference Documentation . But it’s not a “drop in” solution.

On the to-do list for the next version of my app is support for Gmail and Office 365 with OAuth. The Chilkat plugin has examples. But they are a bit bare.

1 Like
3

Does the MBS not have it somehow through CURL ?

4

I converted my email application to use CURLEmailMBS and CurlSMBS when we started having issues with clients using Office 365. Took less than an hour.

I’ll try to throw together a comparison of what I had to change.

1 Like
5

I had been under this impression, but was hoping someone had a little more “oh here’s how,” or there’s an example, or perhaps docs I need to read.

It sounds like @Steve_Koger might have something great to share, and I eagerly await.

6

I’ve taken this code from my console app that is used to send a simple email message. This is not copy and paste code but should give you a comparison of how it was done with SMTPSecureSocket vs CURLEmailMBS and CURLSMBS. Obviously you must have the Monkeybread plugins to use this code. Hope this helps someone.

Old SMTPSecureSocket Connection Code:

Dim Server,UserName,Password,fromAddress,toAddress,Subject,Message as String
Dim SMTPConnect as New SMTPSecureSocket

SMTPConnect.Address=Server
SMTPConnect.port = Port
SMTPConnect.Secure = True
SMTPConnect.ConnectionType = SSLSocket.TLSv12
type or paste code here

New CURLEmailMBS Connection Code

Dim Server,UserName,Password,fromAddress,toAddress,Subject,Message as String
Dim SMTPConnect as New CURLEmailMBS
Dim c as New CurlSMBS
  SMTPConnect.SMTPServer=Server
c.OptionPort = Port
c.OptionUseSSL= c.kFTPSSL_ALL
c.OptionSSLVersion=5

Old SMTPSecureSocket Message Creation & Sending Code:

Dim mail as New EmailMessage
  mail.FromAddress=fromAddress
  mail.subject= Subject
  mail.AddRecipient toAddress
  mail.bodyPlainText = Message

SMTPConnect.RemoveAllMessages
SMTPConnect.Messages.Append mail
SMTPConnect.SendMail
Do
  App.DoEvents
Loop Until Sent=True

New CURLEmailMBS Message Creation and Sending Code


SMTPConnect.SetFrom fromAddress,""
  SMTPConnect.subject= Subject
  SMTPConnect.Addto toAddress,""
  SMTPConnect.PlainText = Message

if c.SetupEmail(SMTPConnect) Then
  dim er as Integer = c.Perform
  if er = 0 then
    Print "Email was sent successfully!"
  Else
    Print "Curl Server Error: "+Er.ToString+" "+c.LasterrorMessage
  end if
Else
  Print  "Curl Client Error: "+c.Lasterror.ToString+" "+c.LasterrorMessage
End If
4 Likes
7

Really TLS 1.3?
CURL contacts server and offers 1.3, I think.

have you tried it?
What error do you see?

8

The OptionSSLVersion numbers from the Monkeybread Documentation:

TLSv1.0	4	TLS v1.0 or later (Added in 7.34.0)
TLSv1.1	5	TLS v1.1 or later (Added in 7.34.0)
TLSv1.2	6	TLS v1.2 or later (Added in 7.34.0)
TLSv1.3	7	TLS v1.3 or later (Added in 7.52.0)

So should support TLS v1.1 or later with the 5 that I set.

1 Like
9

Thank you for all the details, Steve! I will have to try this out and report back.

10

@Tim_Parnell were you able to get it working with the Monkeybread plugin?

11

It may be a few more days before I have your solution replaced into this project, but I would definitely consider your post the answer to my original question. Thank you so much for your help!

1 Like
12

I’ve just been trying to connect to an endpoint with TCP over SSL that required TLS1.3.

Can I just confirm whether the Xojo native SSLSocket supports TLS1.3? If not, why not?

Managed to get my app working using Monkeybread’s CurlSMBS plugin with a little help from Christian.

13

Xojo is missing TLS 1.3 support. Don’t know why it is not supported - I also had to move to CurlMBS to make my apps TLS1.3 aware…

14

3 years are gone.

https://tracker.xojo.com/xojoinc/xojo/-/issues/63719

Xojo is risking a new “Facebook crash” (2024-03-05) event, but now in their user base. Once everything starts to blow up, they will need to rush and do in 3 hours what they did not in 3 years.

https://tracker.xojo.com/xojoinc/xojo/-/issues/71663#note_548855

image
image995×383 45.8 KB

15

What is so difficult about implementing TLS 1.3? Are there license costs for this or might the entire technical substructure have to be changed?

Otherwise, I can’t think of any sensible reason why the protocol that was introduced in 2018 (TLS 1.2 dates back to 2008) is not supported even after almost six years…

As more and more providers mandate the use of TLS 1.3, it is slowly becoming urgent.

16

Indeed! I’ve just added my vote and more of us should do the same. :+1:

17

Any MVP can mention this on their talks with Xojo?

Buying the MBS plugins just to connect with TLS 1.3 is not an option for many.

18

Will do.

5 Likes
19

This is now scheduled for 2024R2.

7 Likes