| Author |
|
lmira
Newbie
Joined: 22 March 2011
Location: Canada
Online Status: Offline
Posts: 7
|
| Posted: 22 March 2011 at 9:29am | IP Logged
|
|
|
Hello,
I am trying to connect to an Exchange server through IMAP. The server requires a TLS connection on port 993. So I wrote the following:
Global.AutodetectPortAndSslMode = false;
imap = new Imap();
imap.SslMode = MailBee.Security.SslStartupMode.OnConnect;
imap.SslProtocol = MailBee.Security.SecurityProtocol.Tls1;
imap.Connect(imapConfig.Host, imapConfig.Port);
However by looking at the sniffed packets, I found out that my app is sometimes using SSL, sometimes using TLS to connect. This causes random connection errors.
What am i doing wrong?
Lotfi
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 22 March 2011 at 11:23am | IP Logged
|
|
|
There is indeed a bug there, and System.Security.Authentication.SslProtocols.Default was always used. We now fixed it. The new version of the .DLL will be released to public tomorrow.
regards,
Alex
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6168
|
| Posted: 23 March 2011 at 3:12am | IP Logged
|
|
|
Updated DLL is available for download now.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
lmira
Newbie
Joined: 22 March 2011
Location: Canada
Online Status: Offline
Posts: 7
|
| Posted: 23 March 2011 at 8:26am | IP Logged
|
|
|
Thank you for your quick reply.
However I still have the same problem. Although I selected TLS, I get random connection errors. The network analyzer shows that the "Client Hello" is randomly issued as SSL or TLS. In the sniffer logs it looks like this:
Secure Socket Layer
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 104
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 100
Version: TLS 1.0 (0x0301)
Random
Session ID Length: 32
Session ID: 9b010000c5f0da68e48998a582c00815d975d68b5e1f75e3...
Cipher Suites Length: 22
Cipher Suites (11 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 5
Extension: renegotiation_info
or
Secure Socket Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 72
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 68
Version: TLS 1.0 (0x0301)
Random
Session ID Length: 0
Cipher Suites Length: 22
Cipher Suites (11 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 5
Extension: renegotiation_info
|
| Back to Top |
|
| |
lmira
Newbie
Joined: 22 March 2011
Location: Canada
Online Status: Offline
Posts: 7
|
| Posted: 23 March 2011 at 8:44am | IP Logged
|
|
|
For information, I have the same problem when using other protocol such as SSL3.
Secure Socket Layer
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 99
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 95
Version: SSL 3.0 (0x0300)
Random
Session ID Length: 32
Session ID: 2f120000bc9cb8b2947226a942d260a2eca4aaf9a13f02ca...
Cipher Suites Length: 24
Cipher Suites (12 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Secure Socket Layer
SSLv3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 67
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 63
Version: SSL 3.0 (0x0300)
Random
Session ID Length: 0
Cipher Suites Length: 24
Cipher Suites (12 suites)
Compression Methods Length: 1
Compression Methods (1 method)
|
| Back to Top |
|
| |
lmira
Newbie
Joined: 22 March 2011
Location: Canada
Online Status: Offline
Posts: 7
|
| Posted: 23 March 2011 at 9:03am | IP Logged
|
|
|
I can provide the full Wireshark capture files if needed.
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 23 March 2011 at 9:26am | IP Logged
|
|
|
Does it make a difference if you're using .net 1.1 version? When installing MailBee.NET Objects, you have an option to install MailBee.NET.dll for .NET 1.1 (it will work with newer .net as well). .net 1.1 version uses our own implementation of SSL layer while .net 2.0 version uses SslStream class.
Regards,
Alex
|
| Back to Top |
|
| |
lmira
Newbie
Joined: 22 March 2011
Location: Canada
Online Status: Offline
Posts: 7
|
| Posted: 23 March 2011 at 11:09am | IP Logged
|
|
|
Still having random connection error with version 1.1.
For the moment the only workaround I have is to retry connecting. It usually succeeds after 1 to 3 retry.
I did more testing vs Gmail and a different exchange server and cannot reproduce the issue.
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 23 March 2011 at 11:51am | IP Logged
|
|
|
If you connect with another IMAP client (like Outlook Express), which is installed on the same computer where you're using MailBee.NET, what happens?
Regards,
Alex
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 23 March 2011 at 11:53am | IP Logged
|
|
|
Also, which error messages exactly are you getting? With both .net 1.1 and .net 2.0 versions. And log files, please. You can submit this via HelpDesk.
Regards,
Alex
|
| Back to Top |
|
| |
lmira
Newbie
Joined: 22 March 2011
Location: Canada
Online Status: Offline
Posts: 7
|
| Posted: 23 March 2011 at 12:43pm | IP Logged
|
|
|
With Thunderbird I see the same problem in the sniffer log.
With .NET 2.0 Version
MailBee.MailBeeIOException
"Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host."
[15:36:41.90] [INFO] Assembly version: 6.8.2.282.
[15:36:41.89] [INFO] Will resolve host "mail.client.com".
[15:36:41.93] [INFO] Host "mail.client.com" resolved to IP address(es) 10.0.0.210.
[15:36:41.93] [INFO] Will connect to host "mail.client.com" on port 993.
[15:36:42.21] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[15:36:42.57] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
With .NET 1.0 Version
MailBee.MailBeeSocketResetException
"An existing connection was forcibly closed by the remote host. InnerException message follows: An existing connection was forcibly closed by the remote host"
[15:40:41.79] [INFO] Assembly version: 6.8.1.281.
[15:40:41.79] [INFO] Will resolve host "mail.client.com".
[15:40:41.81] [INFO] Host "mail.client.com" resolved to IP address(es) 10.0.0.210.
[15:40:41.81] [INFO] Will connect to host "mail.client.com" on port 993.
[15:40:41.98] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[15:40:42.01] [INFO] Will create TLS/SSL credentials.
[15:40:42.03] [INFO] TLS/SSL credentials created.
[15:40:42.03] [INFO] Will start TLS/SSL negotiation sequence.
[15:40:42.20] [INFO] Error: An existing connection was forcibly closed by the remote host. InnerException message follows: An existing connection was forcibly closed by the remote host
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 23 March 2011 at 1:00pm | IP Logged
|
|
|
Looks like the problem is with this particular server.
As far as I know, Thunderbird, being cross-platform application, does not rely on Windows API for SSL connectivity. So, it seems the problem is not with .net or WinAPI. You may try to connect from another computer, though. Maybe, there is individual incompatibility between these two systems. Maybe, some kind of firewall or any other network traffic filter in the middle alters the traffic coming through.. Who knows.
Regards,
Alex
|
| Back to Top |
|
| |
lmira
Newbie
Joined: 22 March 2011
Location: Canada
Online Status: Offline
Posts: 7
|
| Posted: 23 March 2011 at 2:11pm | IP Logged
|
|
|
Thank you for your time.
|
| Back to Top |
|
| |
vdumas
Newbie
Joined: 28 July 2011
Location: Canada
Online Status: Offline
Posts: 12
|
| Posted: 28 July 2011 at 8:57am | IP Logged
|
|
|
We get the same undesirable "SSL Record Layer: Handshake Protocol: Client Hello"
randomly.
The server side dislike receiving those for Exchange IMAP (it denies the connection and closes the socket on the connect command ):
"Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host"
How can I prevent this?
A simple
imap.SslProtocol = MailBee.Security.SecurityProtocol.Tls1;
imap.SslMode = MailBee.Security.SslStartupMode.OnConnect;
imap.Connect(server, port);
Should not send a "SSL Client Hello"
Instead if should send a "TLSv1 Record Layer Client Hello"
I tried using the latest version.
Is there a possibility we can get a version that does not send those packets?
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 28 July 2011 at 9:02am | IP Logged
|
|
|
Do you get the same problem with Thunderbird?
|
| Back to Top |
|
| |
vdumas
Newbie
Joined: 28 July 2011
Location: Canada
Online Status: Offline
Posts: 12
|
| Posted: 01 August 2011 at 8:17am | IP Logged
|
|
|
Ok we fixed this I think, we need to re-use the same IMAP instance :
public Imap Connect(string server, int port)
{
Log( "Trying " + server + ":" + port + "...\n");
Global.AutodetectPortAndSslMode = false;
Global.Pipelining = true;
MailBee.ImapMail.Imap.LicenseKey = _licenseKey;
MailBee.ImapMail.Imap imap = null;
DateTime start = DateTime.Now;
// try connect for 30 seconds
while (true)
{
try
{
if( imap == null )
imap = new Imap();
// configure encryption
imap.SslProtocol = MailBee.Security.SecurityProtocol.Tls1;
imap.SslMode = MailBee.Security.SslStartupMode.OnConnect;
//if (!imap.IsConnected)
if( !imap.IsConnected )
imap.Connect(server, port);
// connect did not throw exception, then sto.Tls1rying
Log( DateTime.Now + "- Success!" + Environment.NewLine );
break;
}
catch (MailBee.MailBeeIOException e)
{
// connect threw exception
if (start.AddSeconds(30) <= DateTime.Now)
{
Log( DateTime.Now + "- Failed for 30 seconds" + e.Message + Environment.NewLine;
this.Update();
if( imap.IsLoggedIn )
imap.Close();
//imap.Dispose();
// timeout expired, re-throw exception
throw e;
}
else
{
Log( DateTime.Now + "- Failed " + e.Message + Environment.NewLine);
if (imap.IsLoggedIn)
imap.Close();
// sleep and retry
System.Threading.Thread.Sleep(1000);
}
}
}
return imap;
}
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 01 August 2011 at 8:27am | IP Logged
|
|
|
Do you mean if fails for the first time, but on the second attempt it gets connected successfully?
Regards,
Alex
|
| Back to Top |
|
| |
vdumas
Newbie
Joined: 28 July 2011
Location: Canada
Online Status: Offline
Posts: 12
|
| Posted: 01 August 2011 at 9:22am | IP Logged
|
|
|
Spoke too soon.
This code does not work either I was trying to re-use the same IMAP instance twice. But the state is not re-used to remember
Thunderbird does it right, it tries (randomly ) to issue a "SSL Client Hello" only once then remembers it was not accepted by the server and retries with Tls1 after.
|
| Back to Top |
|
| |
vdumas
Newbie
Joined: 28 July 2011
Location: Canada
Online Status: Offline
Posts: 12
|
| Posted: 01 August 2011 at 9:24am | IP Logged
|
|
|
What we need is a way to disable completely the SSL Client Hello attempts or a way to make sure it is tried only once.
|
| Back to Top |
|
| |
vdumas
Newbie
Joined: 28 July 2011
Location: Canada
Online Status: Offline
Posts: 12
|
| Posted: 01 August 2011 at 9:29am | IP Logged
|
|
|
Can you confirm System.Security.Authentication.SslProtocols.Default is not always used? I behaves that way.
Specifies that either Secure Sockets Layer (SSL) 3.0 or Transport Layer Security
(TLS) 1.0 are acceptable for secure communications
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 01 August 2011 at 9:59am | IP Logged
|
|
|
Which version of MailBee.NET.dll is in use? You can issue Console.WriteLine(MailBee.Global.Version) in your application for that.
Regards,
Alex
|
| Back to Top |
|
| |
vdumas
Newbie
Joined: 28 July 2011
Location: Canada
Online Status: Offline
Posts: 12
|
| Posted: 01 August 2011 at 10:08am | IP Logged
|
|
|
I tried two.
The one we purchased 6.8.2.282 and the new version 6.10.2.310.
Both have the same behavior.
|
| Back to Top |
|
| |
vdumas
Newbie
Joined: 28 July 2011
Location: Canada
Online Status: Offline
Posts: 12
|
| Posted: 01 August 2011 at 10:08am | IP Logged
|
|
|
I also tried to compile in .NET 4.0 and .NET 2.0.
|
| Back to Top |
|
| |
Alex
AfterLogic Support
Joined: 19 November 2003
Online Status: Offline
Posts: 2207
|
| Posted: 01 August 2011 at 10:12am | IP Logged
|
|
|
The new version does actually use SslProtocol value. But are you sure 6.8.2.282 wasn't cached? Did you actually saw 6.10.2.310 in Console.WriteLine(MailBee.Global.Version) output?
Regards,
Alex
|
| Back to Top |
|
| |
vdumas
Newbie
Joined: 28 July 2011
Location: Canada
Online Status: Offline
Posts: 12
|
| Posted: 01 August 2011 at 10:59am | IP Logged
|
|
|
I am using the latest version as mentioned in the logs.
[13:58:59.56] [INFO] Assembly version: 6.10.2.310.
[13:58:59.56] [INFO] Will resolve host "10.0.0.210".
[13:58:59.57] [INFO] Host "10.0.0.210" resolved to IP address(es) 10.0.0.210.
[13:58:59.57] [INFO] Will connect to host "10.0.0.210" on port 993.
[13:58:59.64] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[13:58:59.73] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
[13:58:59.73] [INFO] Will disconnect from host "10.0.0.210".
[13:58:59.73] [INFO] Disconnected from host "10.0.0.210".
[13:59:00.74] [INFO] Will resolve host "10.0.0.210".
[13:59:00.74] [INFO] Host "10.0.0.210" resolved to IP address(es) 10.0.0.210.
[13:59:00.74] [INFO] Will connect to host "10.0.0.210" on port 993.
[13:59:00.80] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[13:59:00.89] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
[13:59:00.89] [INFO] Will disconnect from host "10.0.0.210".
[13:59:00.89] [INFO] Disconnected from host "10.0.0.210".
[13:59:01.90] [INFO] Will resolve host "10.0.0.210".
[13:59:01.90] [INFO] Host "10.0.0.210" resolved to IP address(es) 10.0.0.210.
[13:59:01.90] [INFO] Will connect to host "10.0.0.210" on port 993.
[13:59:01.96] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[13:59:02.05] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
[13:59:02.06] [INFO] Will disconnect from host "10.0.0.210".
[13:59:02.06] [INFO] Disconnected from host "10.0.0.210".
[13:59:03.06] [INFO] Will resolve host "10.0.0.210".
[13:59:03.06] [INFO] Host "10.0.0.210" resolved to IP address(es) 10.0.0.210.
[13:59:03.06] [INFO] Will connect to host "10.0.0.210" on port 993.
[13:59:03.13] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[13:59:03.21] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
[13:59:03.22] [INFO] Will disconnect from host "10.0.0.210".
[13:59:03.22] [INFO] Disconnected from host "10.0.0.210".
[13:59:04.23] [INFO] Will resolve host "10.0.0.210".
[13:59:04.23] [INFO] Host "10.0.0.210" resolved to IP address(es) 10.0.0.210.
[13:59:04.23] [INFO] Will connect to host "10.0.0.210" on port 993.
[13:59:04.30] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[13:59:04.37] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
[13:59:04.38] [INFO] Will disconnect from host "10.0.0.210".
[13:59:04.38] [INFO] Disconnected from host "10.0.0.210".
[13:59:05.39] [INFO] Will resolve host "10.0.0.210".
[13:59:05.39] [INFO] Host "10.0.0.210" resolved to IP address(es) 10.0.0.210.
[13:59:05.39] [INFO] Will connect to host "10.0.0.210" on port 993.
[13:59:05.46] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[13:59:05.54] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
[13:59:05.55] [INFO] Will disconnect from host "10.0.0.210".
[13:59:05.55] [INFO] Disconnected from host "10.0.0.210".
[13:59:06.56] [INFO] Will resolve host "10.0.0.210".
[13:59:06.56] [INFO] Host "10.0.0.210" resolved to IP address(es) 10.0.0.210.
[13:59:06.57] [INFO] Will connect to host "10.0.0.210" on port 993.
[13:59:06.63] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[13:59:06.71] [INFO] Error: Socket connection has been refused by remote host. InnerException message follows: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
[13:59:06.72] [INFO] Will disconnect from host "10.0.0.210".
[13:59:06.72] [INFO] Disconnected from host "10.0.0.210".
[13:59:07.73] [INFO] Will resolve host "10.0.0.210".
[13:59:07.73] [INFO] Host "10.0.0.210" resolved to IP address(es) 10.0.0.210.
[13:59:07.74] [INFO] Will connect to host "10.0.0.210" on port 993.
[13:59:07.80] [INFO] Socket connected to IP address 10.0.0.210 on port 993.
[13:59:08.28] [RECV] * OK The Microsoft Exchange IMAP4 service is ready.\r\n [Total 53 bytes received.]
[13:59:08.30] [INFO] Get the list of IMAP4 capabilities via CAPABILITY command.
[13:59:08.30] [SEND] MBN00000001 CAPABILITY\r\n
[13:59:08.37] [RECV] * CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN IDLE NAMESPACE LITERAL+\r\n [Total 87 bytes received.]
[13:59:08.37] [RECV] MBN00000001 OK CAPABILITY completed.\r\n [Total 38 bytes received.]
[13:59:08.38] [INFO] Connected to mail service at host "10.0.0.210" on port 993 and ready.
|
| Back to Top |
|
| |
MailBee.NET Objects 
MailBee.NET Queue 
MailBee Objects 
WebMail Pro PHP 
AfterLogic Aurora 
MailSuite Pro for Linux 
Unified Messaging Solution 
Search
Register
Login
Topic: Random security protocol
Privacy policy |
Refund policy