Forums
SolidCP
General Questions
SolidCP Cannot comm...
 
Notifications
Clear all

SolidCP Cannot communicate with Smartermail servers that don't use or support TLS 1.0 (Insecure)

 
General Questions
5 Posts
2 Users
0 Likes
889 Views
RSS
Posts: 60
 Jade
Topic starter
Jan 05, 2021 12:10 pm
(@shabsta)
Member
Joined: 7 years ago

Apologies for this has been addressed or released as an update, but I did take a look through the changelog and see no mention of support for tls 1.1 or higher.

We made changes to environment and removed insecure cipher suits including TLS 1.0 and after doing this SolidCP cannot communicate with SmarterMail Server.

If the smartermail server is patched using IIS Crypto with FIPS, Strict, PCI 3.2 Profile, communication from SolidCP fails with the error below

[1/5/2021 10:52:43 AM] ERROR: 'SmarterMail 10.x +' GetDomain
System.Exception: Could not get the list of mail domains ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at SolidCP.Mail.SM10.svcDomainAdmin.GetAllDomains(String AuthUserName, String AuthPassword)
at SolidCP.Providers.Mail.SmarterMail10.GetDomains()
--- End of inner exception stack trace ---
at SolidCP.Providers.Mail.SmarterMail10.GetDomains()
at SolidCP.Server.MailServer.GetDomains()

Is there a change that can be made within the web.config of solidcp's files to remove depreciated versions of TLS?
Google suggests adding the following, but I dont see where it should be added to

<code>ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;</code>
4 Replies
Posts: 1964
 Marco Tiggelaar
Admin
Jan 05, 2021 3:25 pm
(@m-tiggelaar)
Noble Member
Joined: 8 years ago

Hello,

Normally i would expect to see this when one server isn't configured with the same ciphers as the other.

Can you confirm your SolidCP Portal and Enterprise is also patched identically?.

Regards,

Marco

Reply
Posts: 60
 Jade
Topic starter
Jan 05, 2021 3:28 pm
(@shabsta)
Member
Joined: 7 years ago

Hey Marco,

Thanks for the response. I also suspected the same and applied the same patching to the Portal and Enterprise server hoping that it would resolve the issue but unfortunately this did not work.

From what I can tell .net needs to be told not to use tls version 1

Reply
Posts: 60
 Jade
Topic starter
Jan 05, 2021 4:31 pm
(@shabsta)
Member
Joined: 7 years ago

@Marco

Where do you suggest that I try changing the web.config, ie which web.config would handle this

https://stackoverflow.com/questions/50338640/disabling-tls-1-0-breaks-asp-net-application 

<code><span class="hljs-tag"><<span class="hljs-name">system.web</span>></span>
   <span class="hljs-tag"><<span class="hljs-name">httpRuntime</span> <span class="hljs-attr">targetFramework</span> = <span class="hljs-string">"4.7.2"</span> /></span>
   <span class="hljs-tag"><<span class="hljs-name">compilation</span> <span class="hljs-attr">targetFramework</span> = <span class="hljs-string">"4.7.2"</span>></span> <span class="hljs-tag"></<span class="hljs-name">compilation</span>></span>
<span class="hljs-tag"></<span class="hljs-name">system.web</span>></span></code>
Reply
Posts: 1964
 Marco Tiggelaar
Admin
Jan 12, 2021 1:58 pm
(@m-tiggelaar)
Noble Member
Joined: 8 years ago

I would assume it's best to place it in the Enterprise and most likely portal aswell as they all connect to eachother.

Can you confirm that works?

Reply
Forum Jump:
  Previous Topic
Next Topic  
Share: