SolidCP does not work with TLS 1.2. It seems to be using older SSL or TLS 1.0 or TLS 1.1 ciphers.
Can you please add support for TLS 1.2 and TLS 1.3 in the future?
The reason why I cannot use an unencrypted connection is because I have configured IIS with the URL Rewrite plugin to redirect http to https for our webmail. So when SolidCP loads the site it will try to redirect to https and TLS1.2 does not work.
Ah,
It might be due to the api url SolidCP calls to communicate with Smartermail.
I will spin up a test to see if SecurityProtocolType to TLS 1.2 works as expected for smartermail.
Regards,
Marco
Upon further testing, confirming SolidCP only works with external servers and TLS 1.0 enabled on that server.
It does work with TLS 1.1 or TLS 1.2 enabled on the external server.
Sorry I should have been more clear on my initial post.
Here is the error when using TLS1.2 only on a Smartermail Server:
System.Web.Services.Protocols.SoapException: Server was unable to process request. —> Could not get mailbox —> The underlying connection was closed: An unexpected error occurred on a receive. —> The client and server cannot communicate, because they do not possess a common algorithm
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at SolidCP.EnterpriseServer.esMailServers.GetMailAccount(Int32 itemId)
at SolidCP.Portal.MailAccountsEditAccount.BindItem()
Examples:
- SMTP Server Settings > Enable SMTP SSL does not work
- SmarterMail Web Services URL: https://domain.com/services/ does not work
The destination server has to have TLS 1.0 or TLS 1.1 enabled in order for SolidCP to be able to talk to it. It works fine when we have these enabled, but we are moving with the rest of the industry to use TLS 1.2 only.
The current workaround is using no encryption at all.
Examples:
- SMTP Server Settings > Don’t check enable SMTP SSL and using an IP address for the mail server, instead of a hostname
- SmarterMail Web Services URL: http://domain.com/services/
Hello,
As far as i am aware SolidCP has no cipher configuration and is simply using the ciphers and tls versions configured on the servers.
If you configured your server(s) ciphers and tls idential (all Portal / Enterprise / Servers servers SolidCP is on) it should be fine communicating to all SolidCP modules.
That being said it will only work with TLS 1.2 not 1.3 asfar as i am aware Windows servers (and it’s components such as schannel) do not support TLS 1.3 yet.
Regards,
Marco