XMail Forum > XMail Server > Xmail Tls 1.2


Posted by: doublej Feb 21 2018, 03:23 PM
Hello everybody.

I've been a fan of Xmail since 2003.

I'm running Xmail 1.27 on Windows with the latest OpenSSL (1.1.0g 2 Nov 2017).
I've set up the SSL configuration (server.key, server.cert, server.tab, ...) and I'm able to connect through STARTTLS / SSL from several clients (Thunderbird, Android Mail, K9-Mail...).

Everything works fine, but now TLS 1.0 is obsolete (and insecure), so I'm interested in setting up TLS 1.2.

With the following command we are able to see our SSL capabilities:
openssl s_client -connect mail.myxmailserver.com:25 -starttls smtp

My Xmail server encrypts the connection with TLS 1.0, as seen here:

QUOTE

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA



On the other hand, Gmail servers answer the same command with a nice TLS 1.2, see:
openssl s_client -connect smtp.gmail.com:25 -starttls smtp

QUOTE

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256



This is a MUST to send encrypted email to massive servers such as Gmail or Outlook. Now, even with a perfect setup, we are sending emails in plain text because remote servers drop TLS 1.0. This scenario implies loss of reputation and going to the spam folder.

I wonder how we could force Xmail to negotiate TLS 1.2.
I don't know if this kind of feature relies on OpenSSL or is managed by the Xmail executable.

Will this issue be enough to see a new release...? I would love an Xmail 1.28....

Thanks for your time.
Doublej.
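
A check for the `openssl s_client` summaries quoted in the post, added here as an example (not part of the original post or of XMail): it reads the SSL-Session block and reports a negotiated protocol below TLS 1.2. It goes slightly beyond the post by also flagging two cipher-suite properties inferred from OpenSSL's suite naming. The function names and the `MINIMUM` threshold are this example's own; the embedded sample is the Xmail output from the post.

```python
import re
import sys

ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest first
MINIMUM = "TLSv1.2"  # assumption of this example: anything older is flagged

# Session summary copied from the Xmail output quoted in the post.
XMAIL_OUTPUT = """\
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
"""

def parse_session(output):
    """Extract protocol and cipher from the indented SSL-Session block."""
    session = {}
    for key in ("Protocol", "Cipher"):
        match = re.search(rf"^\s+{key}\s*:\s*(\S+)", output, re.MULTILINE)
        session[key.lower()] = match.group(1) if match else None
    return session

def findings(session):
    """Return a list of problems; an empty list means the session passes."""
    proto, cipher = session["protocol"], session["cipher"]
    if proto not in ORDER or cipher in (None, "0000", "(NONE)"):
        return ["no established TLS session in the output"]
    problems = []
    if ORDER.index(proto) < ORDER.index(MINIMUM):
        problems.append(f"{proto} is below {MINIMUM}")
    if proto != "TLSv1.3":  # TLS 1.3 suite names omit the key exchange, all AEAD
        # Heuristic on OpenSSL names: no ECDHE-/DHE-/EDH- prefix means the
        # key exchange is not ephemeral, so there is no forward secrecy.
        if not cipher.startswith(("ECDHE-", "DHE-", "EDH-")):
            problems.append(f"{cipher} has no forward secrecy")
        if not any(tag in cipher for tag in ("GCM", "CHACHA20", "CCM")):
            problems.append(f"{cipher} is not an AEAD suite")
    return problems

if __name__ == "__main__":
    # Pipe real s_client output in, or run bare to check the embedded sample.
    text = XMAIL_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    result = findings(parse_session(text))
    print("\n".join(result) or "OK")
    sys.exit(1 if result else 0)
```

Pipe the output of the `openssl s_client` command from the post into the script; the exit status is non-zero when any finding is reported.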
