Mailing List Message #106405
From: Nicolas Hatier <>
Subject: Re: SMTP and TLS 1.2
Date: Thu, 11 May 2017 22:27:50 -0400
To: CommuniGate Pro Discussions <>
Makes sense, thanks a lot. I will try that.

Nicolas Hatier, ing. <>
Niversoft idées logicielles -

On 2017-05-11 16:07, Ralf Zenklusen, BAR Informatik AG wrote:

Hi Nicolas,

well, Dmitry wrote in 2015:

TLS in outgoing SMTP sessions is constrained to version 1.0 because of potential problems negotiating 1.1 and up with older SSL/TLS implementations. If you sure that negotiating 1.1. or 1.2 won't cause problems with remote servers, you can add --SMTPOutgoingTLSVersion 2 or --SMTPOutgoingTLSVersion 3 to startup options list to allow negotiation of TLS 1.1 and 1.2, respectively.


Not sure if this is still valid.

But obviously on my whishlist is “send plain if SSL/TLS negotiation fails”.

We shurly need to go in that direction…



Kind regards





Von: CommuniGate Pro Discussions [] Im Auftrag von Nicolas Hatier
Gesendet: Donnerstag, 11. Mai 2017 18:59
An: CommuniGate Pro Discussions <>
Betreff: SMTP and TLS 1.2



Can CGP send using TLS 1.2 when forwarding mail to a smarthost? (SMTP / Sending , Forward to...)

My client's ISP tells me TLS 1.2 is enabled on their server and they are going to retire 1.0 within a few months.
Send Encrypted (at the bottom of the same page) is configured properly.

However, in the logs, the TLS version used always seems to be 1.0:

12:32:03.191 2 TLS-000006 created(TLSv1.0,ECDHE_AES256_SHA) -> [x.x.x.x]:587 for SMTP-000007
12:32:03.277 4 SMTP-000007(*) TLS-000006 secure(ECDHE_AES256_SHA) connection opened

I don't know enough about TLS to be sure whether or not the issue is on CGP side or on the ISP side.



Nicolas Hatier, ing. <>
Niversoft idées logicielles -

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster