EldoS | Feel safer!

Software components for data protection, secure storage and transfer


Posted: 04/10/2015 03:23:42
by Vincent Parrett (Standard support level)
Joined: 01/17/2008
Posts: 20

What was the outcome of this? I'm a similar issue. Is there an example somewhere that works with office 365 ?
Posted: 04/10/2015 03:36:25
by Vsevolod Ievgiienko (Team)

Vincent Parrett wrote:
What was the outcome of this? I'm a similar issue. Is there an example somewhere that works with office 365 ?


What exact problem do you have? Is it also 10058 error as in original topic? What SecureBlackbox version do you use?
Posted: 04/10/2015 06:47:51
by Eugene Mayevski (Team)

Back then the solution for two customers was to set Versions property to [sbSSL3] (i.e. enable only SSL3). The problem is that nowadays many servers switch from SSL 3 to TLS 1.1 or 1.2, so we'd need to investigate the problem from the beginning.

Sincerely yours
Eugene Mayevski
Posted: 04/11/2015 04:36:40
by Eugene Mayevski (Team)

For memory: right now connection and message sending works fine with version 12.0.268 and default settings. Things can change over time, of course.

Sincerely yours
Eugene Mayevski
Posted: 11/23/2015 18:01:43
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 67

Also, for those using old SBB versions, to use Hotmail smtp servers I had to add a special case:
if (smtp.Address = 'smtp.live.com') or
  (smtp.Address = 'smtp-mail.outlook.com') then
  smtp.SSLMode := smExplicit;
  smtp.Versions := [sbTLS1];

I had also disabled most cipher suites. Not sure if this is affecting the above, thought (I think I had to do this to fix a similar problem before):
  client.CipherSuites[i] := false;

client.CipherSuites[SB_SUITE_RSA_AES128_SHA] := True;
client.CipherSuites[SB_SUITE_RSA_AES256_SHA] := True;
client.CipherSuites[SB_SUITE_DHE_RSA_AES128_SHA] := True;
client.CipherSuites[SB_SUITE_DHE_RSA_AES256_SHA] := True;
client.CipherSuites[SB_SUITE_DHE_DSS_AES128_SHA] := True;
client.CipherSuites[SB_SUITE_DHE_DSS_AES256_SHA] := True;
client.CipherSuites[SB_SUITE_ECDH_ECDSA_AES128_SHA] := True;
client.CipherSuites[SB_SUITE_ECDH_ECDSA_AES256_SHA] := True;
Posted: 11/24/2015 04:16:23
by Ken Ivanov (Team)

Hi Leonardo,

Thank you very much for sharing the results of your research.

Indeed, restricting the set of supported cipher suites often helps to overcome connectivity issues. I believe in majority of such cases the reason is not in the server itself, but in some intermediary IPSes that treat longer TLS hello messages as suspicious and shut down the connection as suspected DoS attack.




Topic viewed 6378 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!