EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Error 75784 With TElSMTPClient and GMAIL

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
Posted: 10/07/2014 08:05:27
by Stephan Mercier (Standard support level)
Joined: 11/27/2011
Posts: 14

We have the last version (April 26, 2014, Version 11.0.250). We cannot update to version 12 because we are still using Delphi 5. We have been paying for all future updates and had the bad surprise that you guys were not going to provide updates for Delphi 5 anymore. In this case, are you going to fix Version 11 of SBB? Thanks
Posted: 10/07/2014 12:23:16
by Eugene Mayevski (Team)

Unfortunately there's no technical possibility to update version 11 (or any other non-latest version). Also we don't have definite information about the reason of the problem in version 11, we just see that version 12 work. It's possible that there's no "fix" needed or possible, but some customization of the connection.

Sincerely yours
Eugene Mayevski
Posted: 10/07/2014 12:46:07
by Stephan Mercier (Standard support level)
Joined: 11/27/2011
Posts: 14

Eugene, is this to say that you are not providing bug fixes from any of your previous versions and the only solution is to update to the latest version of your component with the risk of getting new bugs that will never get fixed? Chunked http is broken in V9 and fixed in V11. Gmail was working in V9 and it is broken in V11. How can we support our customers with your components if you fix something only to break something else?
Posted: 10/07/2014 13:06:22
by Eugene Mayevski (Team)

Stephan Mercier wrote:
you are not providing bug fixes from any of your previous versions and the only solution is to update to the latest version of your component


Stephan Mercier wrote:
with the risk of getting new bugs that will never get fixed?

No. We fix all encountered issues.

Stephan Mercier wrote:
Gmail was working in V9 and it is broken in V11

It is not "broken". There are things like a workaround for BEAST attack in TLS which intentionally break existing insecure configurations in order to force developers to upgrade the software. And such things are not introduced by us but by other parties. I think that GMail problem has the same roots.

Let's look at the problem from the different point of view: Delphi has the long list of bugs that are never fixed. The reason you don't get SBB 12 for Delphi 5 is BUGS in Delphi 5 compiler (which is 15 years old) which prevent SecureBlackbox code from being compiled. Those bugs were fixed in Delphi 6. You decided to use old development tools instead of upgrading and getting bug fixes. I think you don't expect Embarcadero to fix Delphi 5 bugs now, do you? And Delphi is a modular general-purpose product, unlike SecureBlackbox which is monolithic and very narrow. We don't have possibility or resources to manage several versions in parallel.

Sincerely yours
Eugene Mayevski
Posted: 10/07/2014 15:43:55
by Stephan Mercier (Standard support level)
Joined: 11/27/2011
Posts: 14

Well... reading this, I say there is not much chance that we will get a fix for Delphi 5 at this point right?
Posted: 10/07/2014 15:45:16
by Eugene Mayevski (Team)

One can't fix what is not broken.

Sincerely yours
Eugene Mayevski
Posted: 10/07/2014 15:49:54
by Stephan Mercier (Standard support level)
Joined: 11/27/2011
Posts: 14

Eugene, I do not understand your comment. V9 works fine with GMail, V11 do not work and you say V12 is working. How can V11 not be broken if V9 still works? THanks.
Posted: 10/07/2014 16:00:02
by Eugene Mayevski (Team)

It's quite hard to explain because I don't know the exact reason but *given that* you seem to be the only person known to have problems with delivery via GMail in SBB 11 (and we do have other customers using this functionality successfully), I can assume that the problem is related to your specific setup of the client components.

The common reason of problems of this kind is that we add new algorithm which is chosen by the other party, and that algorithm doesn't work well with that other party (for whatever reason). In SSH this is very common, but it also happens in SSL -- some new TLS 1.2 algorithms (AES-GCM, to be specific) didn't work in SBB 11 with *some* servers (while worked with others). As these algorithms were not present in version 9, they could not be negotiated. Now they are advertised to the server and are chosen by the server, and if they (algorithms) don't work, then you have a problem. The solution is to turn off the GCM cipher suites.

So you can try doing exactly this:

1) turn off TLS 1.2 in Versions property
2) disable GCM cipher suites via CipherSuites property.

Maybe this will help.

Sincerely yours
Eugene Mayevski
Posted: 10/07/2014 16:25:23
by Stephan Mercier (Standard support level)
Joined: 11/27/2011
Posts: 14

I added the below and it still fails. If you want, I can provide a small test program that you can try in v11 and see that it fails. This way, it will rule out my specific setup.

ELSmtpClient.Versions := [sbSSL3,sbTLS1];


Posted: 10/08/2014 00:29:26
by Ken Ivanov (Team)

Hi Stephan,

Could you please do a couple of further checks for us:

1) Please disable SSLv3 and enable TLSv1.1:

ElSmtpClient.Versions := [sbTLS1, sbTLS11];

2) Please only leave the following cipher suite enabled (disable all the rest):


3) Please configure SSL extensions in the following way:

ElSmtpClient.Extensions.ServerName.Enabled := true;
ElSmtpClient.Extensions.ServerName.NameType := ntHostName;
ElSmtpClient.Extensions.ServerName.Name := 'mail.google.com'; // or a host name of the web server you are connecting to

ElSmtpClient.Extensions.SignatureAlgorithms.Enabled := true;

ElSmtpClient.Extensions.Heartbeat.Enabled := false;

If you are still unable to connect under the above configuration, please also try switching off TLS 1.1 and switching on TLS 1.2, i.e. try using the following version combinations: [sbTLS1] and [sbTLS1, sbTLS11, sbTLS12].

If none of the above helps, please submit a not working example to the Helpdesk and we will let you know which properties to tune up to make it work. In unlucky event if there is something in SBB that prevents it from working, we will show you what to change in the components' source code to overcome the issue.

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.



Topic viewed 3244 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!