XMail Forum > XMail Server > Xmail Tls 1.2


Posted by: doublej Feb 21 2018, 03:23 PM
Hello everybody.

I have been a fan of Xmail since 2003.

I'm running Xmail 1.27 on Windows with the latest openssl (1.1.0g 2 Nov 2017).
I've set up the SSL configuration (server.key, server.cert, server.tab, ...) and I'm able to connect through STARTTLS / SSL from several clients (Thunderbird, Android Mail, K9-Mail...).

Everything works fine, but now TLS 1.0 is obsolete (and insecure). So I'm interested in setting up TLS 1.2.

With the following command we are able to see our SSL capabilities:
openssl s_client -connect mail.myxmailserver.com:25 -starttls smtp

My Xmail server encrypts the connection with TLS 1.0, as seen here:

QUOTE

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA



On the other hand, Gmail servers answer the same command with a nice TLS 1.2, see:
openssl s_client -connect smtp.gmail.com:25 -starttls smtp

QUOTE

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256



This is a MUST to send encrypted email to massive servers such as Gmail or Outlook. Now, even with a perfect setup, we are sending emails in plain text because remote servers drop TLS 1.0. This scenario implies loss of reputation and going to the spam folder.

I wonder how we could force Xmail to negotiate TLS 1.2.
I don't know if this kind of feature relies on openssl or is managed by Xmail executable.

Will this issue be enough to see a new release...? I would love an Xmail 1.28....

Thanks for your time.
Doublej.
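
The manual check from the post above, turned into a script, as an added example that is not part of the original thread: it pulls the Protocol and Cipher lines out of `openssl s_client` output and flags anything below TLS 1.2. The function names are made up for illustration, and the two sample captures are trimmed from the outputs quoted in the post.

```shell
# Two captures trimmed from the outputs quoted in the post above.
sample_xmail() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
EOF
}
sample_gmail() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
EOF
}

# tls_session: s_client output on stdin -> "<protocol> <cipher>"; fails if absent.
tls_session() {
    awk '
        $1 == "Protocol" && $2 == ":" { proto = $3 }
        $1 == "Cipher"   && $2 == ":" { cipher = $3 }
        END { if (proto == "") exit 1; print proto, cipher }
    '
}

# tls_verdict: rate a protocol name as s_client spells it (minimum: TLS 1.2).
tls_verdict() {
    case "$1" in
        TLSv1.2|TLSv1.3)           echo OK ;;
        SSLv2|SSLv3|TLSv1|TLSv1.1) echo OBSOLETE ;;
        *)                         echo UNKNOWN ;;
    esac
}

# check_capture: prints "<verdict> <protocol> <cipher>"; status 0 only when OK.
check_capture() {
    session=$(tls_session) || { echo "no SSL-Session block found"; return 2; }
    verdict=$(tls_verdict "${session%% *}")
    echo "$verdict $session"
    [ "$verdict" = OK ]
}

# check_host: live variant of the command in the post ($1 = host, $2 = port, default 25).
check_host() { openssl s_client -connect "$1:${2:-25}" -starttls smtp </dev/null 2>/dev/null | check_capture; }

sample_xmail | check_capture || true   # OBSOLETE TLSv1 AES256-SHA
sample_gmail | check_capture           # OK TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
```

Because `check_capture` exits non-zero for anything other than OK, `check_host` can be dropped into a scheduled job that alerts when a mail server stops negotiating TLS 1.2 or newer.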

Posted by: wizzydaz May 9 2018, 04:06 PM
I was also wondering this. I downloaded the source code from Davide's site and confirmed I could build it (from a Visual Studio Developer Command Prompt). I updated the OpenSSL libraries, but it would not build with the latest version. Unfortunately I don't know C++ so this is as far as I got.

There was some talk earlier in the year about setting up the source on Github and bringing it up to date, but this seems to have been forgotten too.
