Inicio → WEBDEV 27 → TLS 1.2 support in EmailStartSMTPSession()
TLS 1.2 support in EmailStartSMTPSession()
Iniciado por Vilius, jul., 21 2022 9:29 AM - 3 respostas
Membro registado
3 mensagems
Publicado em julho, 21 2022 - 9:29 AM
Does anyone which version of WebDev started to support TLS 1.2 in EmailStartSMTPSession()?

I've read multiple posts on the internet that WebDev uses WinInet and Schannel to make TLS socket connections, however from my experiments it seams that no matter which Windows OS I use, or how WinInet is configured, EmailStartSMTPSession() always tries to establish a connection with hardcoded TLS 1.0 parameters. For example if I disable TLS 1.0 it doesn't switch to 1.1 or 1.2 and just produces schannel error.

P.S. Before anyone suggests, I cannot use EmailConfigure() as our application is still running under WebDev 22 and we won't rewrite it to WebDev 26 just to that purpose, so ideally I would want to know exact versions when TLS 1.2 became supported.
Membro registado
253 mensagems
Popularité : +13 (13 votes)
Publicado em julho, 21 2022 - 9:57 AM

We were able to successfully use EmailConfigure() on a WebDev 24 project to make it compatible with TLS 1.2. The documentation seems to imply that it'd be possible on a WebDev 23 project, as that's the first one that supports EmailConfigure() on websites.

For projects on older versions, we had to rely on command-line tools (most usually CMail.exe) called with ExeRun() and the correct list of arguments. But sometimes that's more work than just migrate to a new version.

If you have full access to your server, an other solution would be to install a local SMTP server without any TLS config and make it act as a smart host that relays your emails to the TLS 1.2 SMTP server. Handling of the TLS handshake would then be the responsability of the smart host, not WebDev.
Membro registado
3 mensagems
Publicado em julho, 21 2022 - 1:07 PM
I appreciate you response. As I said I cannot use EmailConfigure() because it is not available on WebDev 22.

My question was regarding TLS 1.2 in *default* EmailStartSMTPSession implementation, i.e. when it is used with native WinInet implementation on Windows. Does anyone know which version of WebDev started to support TLS 1.2 in EmailStartSMTPSession without switching to EmailConfigure()?
Membro registado
3 mensagems
Publicado em julho, 27 2022 - 8:33 AM
Just leaving it here for others:

I've got a vague response from the support that TLS is auto-negotiated since WebDev version 23. Earlier versions have TLS version hardcoded unfortunately. The related blog post https://blogs.pcsoft.fr/fr/protocole-tls-version-utilisee-lors-echanges-tcp-serveur/281474976711009/read.awp