Reply to this topicStart new topicStart Poll

> Xmail Tls 1.2, Upgrade to this protocol possible?
doublej
Posted: Feb 21 2018, 03:23 PM
Quote Post


Newbie
*

Group: Members
Posts: 1
Member No.: 2427
Joined: 7-February 07



Hello everybody.

Here is a fan of Xmail since 2003. wink.gif

I'm running Xmail 1.27 on Windows with latest openssl (1.1.0g 2 Nov 2017).
I've setup SSL configuration (server.key, server.cert, server.tab, ...) and I'm able to connect through STARTTLS / SSL from several clients (Thunderbird, Android Mail, K9-Mail...).

Everything works fine but now TLS 1.0 is obsolete (and insecure). So I'm interested to setup a TLS 1.2.

With the following command we are able to see our SSL capabilities:
openssl s_client -connect mail.myxmailserver.com:25 -starttls smtp

My Xmail server ciphers connection with TLS1.0 as seen here:

QUOTE

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA



On the other way, Gmail servers answer to same command with a nice TLS1.2, see now:
openssl s_client -connect smtp.gmail.com:25 -starttls smtp

QUOTE

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256



This is a MUST to send crypted email to masive servers as Gmail or Outlook. Now, even with a perfect setup we are sending emails though plain text because remote servers drops TLS1.0. This scenario implies loss of reputation and go to spam folder.

I guess how could we force Xmail to negotiate TLS 1.2.
I don't know if this kind of feature relies on openssl or is managed by Xmail executable.

Will be this issue enough to see a new release...? I will love a Xmail 1.28.... wink.gif

Thanks for your time.
Doublej.
PMEmail Poster
Top
wizzydaz
Posted: May 9 2018, 04:06 PM
Quote Post


Newbie
*

Group: Members
Posts: 22
Member No.: 791
Joined: 7-November 03



I was also wondering this. I downloaded the source code from Davide's site and confirmed I could build it (from a Visual Studio Developer Command Prompt). I updated the OpenSSL libraries, but it would not build with the latest version. Unfortunately I don't know C++ so this is as far as I got.

There was some talk earlier in the year about setting up the source on Github and bringing it up to date, but this seems to have been forgotten too sad.gif
PMEmail Poster
Top
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
« Next Oldest | XMail Server | Next Newest »

Reply to this topicStart new topicStart Poll