error code 75777 received when initiating TLS

#5293
Posted: 03/06/2008 03:07:41
by Michael Hansen (Standard support level)
Joined: 03/06/2008
Posts: 3

Hi,

I am currently evaluating SSL Blackbox v6 - but can't quite get it to work as intended.

I am working with SMTP clients / servers - and have built a small test client which issues the STARTTLS command using the TElSimpleSSLClient-class.

As I understand your article: Enable or disable SSL/TLS on-the-fly (http://www.eldos.com/documentation/sbb/documentation/ref_howto_ssl_common_onoff.html?phrase_id=248826) one should do the following (=pseudo code):

secureConn.SendData( <STARTTLS> );
secureConn.ReceiveData( ... ); //read ready cmd for the STARTTLS

//Initiate TLS
secureConn.Close(true);
secureConn.Enabled = true;
secureConn.Open(); //a bit unsure of this, as the article only states "initiate the connection via SSL-enabled class"


However, the above results in OnError being fired with the following values:
ErrorCode == 75777
Fatal == true
Remote == false


The SMTP server I am connecting to is an Exchange 2003 (=IIS 6.0 SMTP) with a valid certificate issued by Equifax


Any clue to what I am missing / have misunderstood?



Best regards,

Michael
#5294
Posted: 03/06/2008 04:49:06
by Ken Ivanov (EldoS Corp.)

Thank you for your interest in our products.

Please consider using TElSimpleSMTPClient class instead of [lower-level] TElSimpleSSLClient. It cares about switching between secure and insecure mode, so you will not need to handle this yourself.
#5295
Posted: 03/06/2008 05:42:13
by Michael Hansen (Standard support level)
Joined: 03/06/2008
Posts: 3

Hi,

Thank you for replying :)


> Please consider using TElSimpleSMTPClient

Well, I already have a high performance SMTP client/server in an existing infrastructure - and just want to enable TLS on the existing classes.

I have looked at your SMTP-classes - but these are not sufficient for my needs - which is why I am looking at the TElSimpleSSLClient / Socket classes in your product.



/Michael

#5302
Posted: 03/06/2008 08:45:46
by Eugene Mayevski (EldoS Corp.)

This error usually says that there's no SSL on the other side. Unfortunately it's hard to say anything else without seeing the actual code and having a server to connect to.

Please try running TElSMTPClient to test connection. If TElSMTPClient works, then the problem is in the way you use ElSimpleSSLClient. If TElSMTPClient doesn't work right, then we need to investigate why it doesn't work.

Aside of this, TElSMTPClient implements SMTP specification. What functionality are you missing in it?


Sincerely yours
Eugene Mayevski
#5308
Posted: 03/07/2008 03:04:45
by Michael Hansen (Standard support level)
Joined: 03/06/2008
Posts: 3

Hi again,

I have just verified that an SSL certificate exists - and is working. I tried your TElSMTPClient - but this also fails.

One of the other products I am evaluating is the freeware component from Mentalis (http://www.mentalis.org/) - which is working fine with explicit TLS. However there are some issues in this solution that I hope your product doesn't have.

I ran Wireshark on both tests - and where Mentalis' framework reads the whole certificate - TElSMTPClient fails in various places in the SSL negotiation (sometimes in the beginning, other times in the middle - but none succeed).

I have also tried Mono's Mono.Security.dll - but this fails in a similar way as yours (in various places in the SSL negotiation). One reason for Mono's failing _could_ be the following mentioned in their source code:

Code
// Note: IIS doesn't seem to send the whole certificate chain
// but only the server certificate :-( it's assuming that you
// already have this chain installed on your computer. duh!
// http://groups.google.ca/groups?q=IIS+server+certificate+chain&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=85058s%24avd%241%40nnrp1.deja.com&rnum=3



I would _really_ love if we could find a solution - and you are welcome to try to run tests against my SMTP-server if you are interested?

If so - could we move this thread to the help-desk - I don't want to publish too many details in a 'public' forum.


I have attached the 2 dump-files from Wireshark - 1 when running Mentalis' SMTPClient-test and 1 when running with TElSMTPClient.


> Aside of this, TElSMTPClient implements SMTP specification. What functionality are you missing in it?

I cannot say specifically that I am missing anything - but I have an existing framework that I wish to keep using (especially in my server implementation).


Best regards,

Michael


#5309
Posted: 03/07/2008 04:24:58
by Eugene Mayevski (EldoS Corp.)

Moved to HelpDesk.


Sincerely yours
Eugene Mayevski
#33105
Posted: 04/22/2015 10:06:54
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Hello,

Is there more information to this error? SMTP server for Hotmail gives me this same error.
#33107
Posted: 04/22/2015 10:42:30
by Eugene Mayevski (EldoS Corp.)

This topic is 7 years old. If you have problems with SSL connectivity, please see these articles: https://www.eldos.com/security/articles/8021.php and https://www.eldos.com/security/articles/8091.php. They contain both the explanation of the problem and the steps needed to address it.


Sincerely yours
Eugene Mayevski
#33108
Posted: 04/22/2015 11:51:30
by Leonardo Herrera (Standard support level)
Joined: 02/14/2011
Posts: 66

Yes, I know it is seven years old, but only today I had to deal with this.

Finally I solved my particular problem (connecting to smtp.live.com on port 587) with TElSMTPClient by changing SSLMode from `smImplicit` to `smExplicit`. This doesn't work well with Gmail, though.

Those articles are really useful, thank you.

Regards,
Leonardo Herrera
#33109
Posted: 04/22/2015 12:50:50
by Eugene Mayevski (EldoS Corp.)

SMTP as well as FTP can use SSL/TLS in Explicit and Implicit mode. They work on different ports (port 587 is for Explicit TLS, port 465 is for Implicit one).

If you have any particular problems with GMail, please specify your current configuration and what exactly doesn't work.


Sincerely yours
Eugene Mayevski
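
The explicit/implicit distinction discussed in this thread can be checked on a given port before choosing an SSL mode. The following is an added example, not part of the original posts or of EldoS code; `classify_smtp_port`, `fake_server` and the `mail.test` replies are constructed for illustration. It assumes that a plaintext SMTP listener speaks first with a 220 greeting, while an implicit-TLS listener stays silent until the client starts the handshake.

```python
import socket
import threading

def _read_reply(sock):
    """Read one SMTP reply; its last line has a space after the 3-digit code."""
    buf = b""
    while True:
        chunk = sock.recv(1024)
        if not chunk:
            return buf
        buf += chunk
        if buf.endswith(b"\r\n") and buf.split(b"\r\n")[-2][3:4] == b" ":
            return buf

def classify_smtp_port(host, port, timeout=2.0):
    """Classify how a mail port expects TLS to start, without sending TLS bytes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        greeting = b""
        try:
            greeting = _read_reply(sock)
            if not greeting.startswith(b"220"):
                return "unknown"
            sock.sendall(b"EHLO probe.example\r\n")
            reply = _read_reply(sock)
        except socket.timeout:
            # No greeting at all: probably waiting for a TLS ClientHello (implicit mode).
            return "unknown" if greeting else "implicit-or-silent"
    # Capability keywords follow the "250-" / "250 " prefix of each EHLO line.
    caps = {l[4:].split(b" ")[0].upper() for l in reply.split(b"\r\n") if l[:3] == b"250"}
    return "explicit-starttls" if b"STARTTLS" in caps else "plaintext-only"

def fake_server(script):
    """Constructed loopback server: sends each scripted chunk, then waits for the client."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            for chunk in script:
                conn.sendall(chunk)
                if not conn.recv(1024):
                    break
    threading.Thread(target=run, daemon=True).start()
    return port

if __name__ == "__main__":
    explicit = [b"220 mail.test ESMTP\r\n", b"250-mail.test\r\n250 STARTTLS\r\n"]
    print(classify_smtp_port("127.0.0.1", fake_server(explicit)))
    print(classify_smtp_port("127.0.0.1", fake_server([b""]), timeout=0.5))
```

A result of `implicit-or-silent` is only an indication: a server that delays its greeting past the timeout looks the same.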