Mailing List CGatePro@mail.stalker.com Message #106875
From: Ralf Zenklusen, BAR Informatik AG r.zenklusen@barinformatik.ch <CGatePro@mail.stalker.com>
Subject: AW: TLS version, fix one break another
Date: Mon, 25 Jun 2018 17:19:31 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro MAPI Connector 1.52.54.12/1.54.12.21
Hi Dmitry
that sounds great - thanks.

What exactly does "offered TLS version will be reduced after each connection failure" mean?
- From the set TLS to just one below?
- Or one down for every following failure? First failure one down and again one down for the next failure etc. until plain?


What happens if the lowest/lower TLS version is reached?
- Will the server try that version until the message fails?
- Or will it start again with the highest (the one set) version? And if that fails go one version down?



Kind regards
Ralf


-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com]
Sent: Monday, 25 June 2018 16:25
To: CommuniGate Pro Discussions
Subject: Re: TLS version, fix one break another

Hello,

On 2018-06-05 13:00, Ralf Zenklusen, BAR Informatik AG
r.zenklusen@barinformatik.ch wrote:
> Well, yes that's probably our main problem at the moment mainly because we see this more and more.
> Some servers support only weak cyphers, others need strong cyphers. Some need TLS3 others support only 2.... etc.
> It's impossible to satisfy all these requirements.
>
> We get more and more complaints that emails don't get through.
> We then need to identify the reason for the "broken connection" and set the domain manually to "send plain" at Settings->Mail->SMTP->Sending->Send Encrypted.
>
> CGate should really (try to) fall back to plain automatically, if it fails to make a secure connection.
> Obviously it would be good to have a setting per domain or the possibility to override for connections that you need to keep safe.
>
> Really hope this will appear in one of the next releases.

In 6.2.6 (due early July) there will be an option with TLS version to
suggest on outgoing connections and for connections with optional
security (that is, not for the hosts in the Send securely list) the
offered TLS version will be reduced after each connection failure.

>
>
> Kind regards
> Ralf
>
>  
> r.zenklusen@barinformatik.ch
> -----Original Message-----
> From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com]
> Sent: Tuesday, 5 June 2018 03:23
> To: CommuniGate Pro Discussions
> Subject: TLS version, fix one break another
>
> I had some emails stuck in the queue, with the already known error
> "Error Code=TLS record
> version is not 3.x"
> So I implemented the solution detailed on a post here a couple of
> months ago, creating a Startup.sh file with the parameter
> "--SMTPOutgoingTLSVersion 3"
> Voilà ! after restarting, those emails that were stuck went through..!
>
> But... (why always a but!?) ... another whole set of emails began
> queuing up, with "connection is broke" and no further explanation.
> Specifically all domains hosted by Microsoft's services.
>
> I removed the Startup.sh fix, restarted, and all those emails went through.
>
> So, is there a solution that works for all and does not create its
> own set of problems?
>
> best regards,
>
> Roberto
>
> #############################################################
> This message is sent to you because you are subscribed to
>    the mailing list <CGatePro@mail.stalker.com>.
> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
> To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
> Send administrative queries to  <CGatePro-request@mail.stalker.com>

--
Best regards,
Dmitry Akindinov

=======================================================================
When answering to letters sent to you by the tech.support staff, make
sure the original message you have received is included into your
reply.
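
An added example, not part of the original thread and not CommuniGate Pro code: a small Python model of one possible reading of "the offered TLS version will be reduced after each connection failure" (one step down per failed attempt, stopping at a floor, with strict hosts never stepping down). The function names, the floor, the plaintext switch, the host names and the simulated peers are all assumptions made for illustration; the floor is what bounds how far repeated failures can push the offer.

```python
import ssl

V = ssl.TLSVersion
LADDER = [V.TLSv1_3, V.TLSv1_2, V.TLSv1_1, V.TLSv1]  # highest version first

def offers(configured, floor, strict, allow_plain):
    """Ordered offers for successive attempts; None stands for plaintext."""
    if strict:
        # Hosts that must stay secure get the configured version only.
        return [configured]
    steps = [v for v in LADDER if floor <= v <= configured]
    return steps + ([None] if allow_plain else [])

def deliver(host, peer_accepts, configured=V.TLSv1_2, floor=V.TLSv1,
            strict_hosts=frozenset(), allow_plain=False):
    """Make one attempt per offer; return (outcome, attempt_log)."""
    log = []
    for offer in offers(configured, floor, host in strict_hosts, allow_plain):
        label = offer.name if offer is not None else "PLAIN"
        ok = peer_accepts(offer)
        log.append((label, ok))
        if ok:
            return label, log
    return "FAILED", log  # nothing acceptable left to offer

# Constructed peers (assumptions, not measurements of real servers).
def modern_peer(offer):       # requires TLS 1.2 or newer
    return offer is not None and offer >= V.TLSv1_2

def intolerant_peer(offer):   # breaks the connection unless offered TLS 1.0
    return offer == V.TLSv1

def no_tls_peer(offer):       # every handshake fails; plaintext works
    return offer is None

if __name__ == "__main__":
    for name, peer in [("modern.example", modern_peer),
                       ("old.example", intolerant_peer),
                       ("plain.example", no_tls_peer)]:
        print(name, deliver(name, peer))
    # The same old peer on the strict list: one attempt, no step-down.
    print(deliver("old.example", intolerant_peer, strict_hosts={"old.example"}))
    # Plaintext is reached only when explicitly allowed.
    print(deliver("plain.example", no_tls_peer, allow_plain=True))
```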
