SMTPSecureSocket not using TLS 1.2?

Paul_Lefebvre · April 14, 2022, 2:55pm

The case was auto-closed, but I have re-opened it. I do think a sample project of any kind would be helpful. If someone has something they can share, please add it to the case.

Tim_Parnell · April 14, 2022, 3:06pm

The key problem is the other end rejects the request because of the initial TLS 1.0 handshake. You have to connect to a server that rejects the initial TLS 1.0 request like Office 365. The SMTPSecureSocket.xojo_binary_project example project will do this.

Stanley_Roche_Busk · April 14, 2022, 5:11pm

Not all Office365 shows that behavior, not sure why. I have right now one account that does and the other not. Same server, same settings but different credentials.

This is the one that connects:

[01] 4/14 11:07:00 220 BN6PR11CA0069.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 14 Apr 2022 17:06:59 +0000
[01] 4/14 11:07:00 > EHLO [192.168.100.82]
[01] 4/14 11:07:00 250-BN6PR11CA0069.outlook.office365.com Hello [179.42.225.0]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
[01] 4/14 11:07:00 > STARTTLS
[01] 4/14 11:07:00 220 2.0.0 SMTP server ready
[01] 4/14 11:07:00 ~ Connected
[01] 4/14 11:07:00 > EHLO [192.168.100.82]
[01] 4/14 11:07:00 250-BN6PR11CA0069.outlook.office365.com Hello [179.42.225.0]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN XOAUTH2
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
[01] 4/14 11:07:00 > AUTH LOGIN
[01] 4/14 11:07:00 334 VXNlcm5hbWU6
[01] 4/14 11:07:00 > maxprog@hotmail.com
[01] 4/14 11:07:00 334 UGFzc3dvcmQ6
[01] 4/14 11:07:00 > ********************
[01] 4/14 11:07:03 235 2.7.0 Authentication successful

and the one that doesn’t:

[01] 4/14 11:09:33 220 BN6PR1401CA0006.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 14 Apr 2022 17:09:32 +0000
[01] 4/14 11:09:33 > EHLO [192.168.100.82]
[01] 4/14 11:09:33 250-BN6PR1401CA0006.outlook.office365.com Hello [179.42.225.0]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
[01] 4/14 11:09:33 > STARTTLS
[01] 4/14 11:09:33 220 2.0.0 SMTP server ready
[01] 4/14 11:09:33 ~ Connected
[01] 4/14 11:09:33 > EHLO [192.168.100.82]
[01] 4/14 11:09:33 250-BN6PR1401CA0006.outlook.office365.com Hello [179.42.225.0]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN XOAUTH2
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
[01] 4/14 11:09:33 > AUTH LOGIN
[01] 4/14 11:09:33 334 VXNlcm5hbWU6
[01] 4/14 11:09:33 > Maxbulk@totalfood.com
[01] 4/14 11:09:33 334 UGFzc3dvcmQ6
[01] 4/14 11:09:33 > ********
[01] 4/14 11:09:34 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit New opt-in endpoint available for SMTP AUTH clients still needing legacy TLS - Microsoft Tech Community. [BN6PR1401CA0006.namprd14.prod.outlook.com]

Andreas_Reichmann · April 14, 2022, 5:19pm

Because Microsoft rejects this only at a certain percentage which is increased every month until only >=TLS 1.2 is accepted.