Inicio → WEBDEV 26 → TLS 1.2 support in EmailStartSMTPSession()
TLS 1.2 support in EmailStartSMTPSession()
Iniciado por Vilius, 21,jul. 2022 08:29 - 3 respuestas
Miembro registrado
3 mensajes
Publicado el 21,julio 2022 - 08:29
Does anyone which version of WebDev started to support TLS 1.2 in EmailStartSMTPSession()?

I've read multiple posts on the internet that WebDev uses WinInet and Schannel to make TLS socket connections, however from my experiments it seams that no matter which Windows OS I use, or how WinInet is configured, EmailStartSMTPSession() always tries to establish a connection with hardcoded TLS 1.0 parameters. For example if I disable TLS 1.0 it doesn't switch to 1.1 or 1.2 and just produces schannel error.

P.S. Before anyone suggests, I cannot use EmailConfigure() as our application is still running under WebDev 22 and we won't rewrite it to WebDev 26 just to that purpose, so ideally I would want to know exact versions when TLS 1.2 became supported.
Miembro registrado
227 mensajes
Popularité : +13 (13 votes)
Publicado el 21,julio 2022 - 08:57

We were able to successfully use EmailConfigure() on a WebDev 24 project to make it compatible with TLS 1.2. The documentation seems to imply that it'd be possible on a WebDev 23 project, as that's the first one that supports EmailConfigure() on websites.

For projects on older versions, we had to rely on command-line tools (most usually CMail.exe) called with ExeRun() and the correct list of arguments. But sometimes that's more work than just migrate to a new version.

If you have full access to your server, an other solution would be to install a local SMTP server without any TLS config and make it act as a smart host that relays your emails to the TLS 1.2 SMTP server. Handling of the TLS handshake would then be the responsability of the smart host, not WebDev.
Miembro registrado
3 mensajes
Publicado el 21,julio 2022 - 12:07
I appreciate you response. As I said I cannot use EmailConfigure() because it is not available on WebDev 22.

My question was regarding TLS 1.2 in *default* EmailStartSMTPSession implementation, i.e. when it is used with native WinInet implementation on Windows. Does anyone know which version of WebDev started to support TLS 1.2 in EmailStartSMTPSession without switching to EmailConfigure()?
Miembro registrado
3 mensajes
Publicado el 27,julio 2022 - 07:33
Just leaving it here for others:

I've got a vague response from the support that TLS is auto-negotiated since WebDev version 23. Earlier versions have TLS version hardcoded unfortunately. The related blog post https://blogs.pcsoft.fr/fr/protocole-tls-version-utilisee-lors-echanges-tcp-serveur/281474976711009/read.awp