Office365 SMTP requires TLS 1.0

ssl iis smtp microsoft-office-365

I'm working on a web site hosted in IIS (10) on a Windows server (Server 2019). The site was previously able to send emails out through smtp.office365.com using basic auth. I used IISCrypto to disable TLS 1.0 (and lower) so that only TLS 1.1 and 1.2 were enabled. It caused this error:

The client and server cannot communicate, because they do not possess a common algorithm

Re-enabling TLS 1.0 causes the error to go away. Using SSLLabs.com's server test shows that both my site and smtp.office365.com should be able to support TLS 1.1 and 1.2 with a number of ciphers in common. Why won't they connect?


Solution 1:

That's probably due to .NET framework version is being used.

Reference No.1 https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

Reference No.2 https://stackoverflow.com/questions/26742054/the-client-and-server-cannot-communicate-because-they-do-not-possess-a-common-a

As per Microsoft recommendation:

  • Target .NET Framework 4.7 or later versions on your apps. Target .NET Framework 4.7.1 or later versions on your WCF apps.

  • Do not specify the TLS version. Configure your code to let the OS decide on the TLS version.

  • Perform a thorough code audit to verify you're not specifying a TLS or SSL version.

Related

Unsigned short in Java
Port forwarding to local port return ERR_CONNECTION_REFUSED with aws ec2
What are the practical limitations of a non-turing complete language like Coq?
Lisp commenting convention
java.lang.RuntimeException: Failure delivering result ResultInfo{who=null, request=1888, result=0, data=null} to activity
How to open a link in a default user browser in Qt?
Require SSL in WebApi?
Session TimeOut in web.xml
Swift - Extra Argument in call
How do you rename a library filename in CMake?
How to delete a table in SQLAlchemy?
Why do I see my TV in my Network locations, and how?