
MailBee.NET Security

 AfterLogic Forum : MailBee.NET Security
Subject Topic: Enable TLS logs for IMAP
adrien.hupond
Posted: 16 September 2016 at 6:30am

Hi everyone,

We're using MailBee.NET objects to access a STARTTLS-secured IMAP server, and are currently running into trouble because of TLS handshake failures. It looks like the server rejects our client certificate, and I would like to investigate the handshake messages for troubleshooting. I cannot use openssl to reproduce and debug the STARTTLS sequence, as the private key associated with the client cert is not exportable and openssl cannot read the Windows certstore.

MailBee.NET Security advertises "log files include SSL handshakes", but I couldn't find the way to enable TLS logs. I only have the classic MailBee logs, which indicate the following:

Quote:
     Line 24: [15:12:17.79] [INFO] [0022] [IMAP-00................] Notify server that we are ready to start TLS/SSL negotiation.
     Line 25: [15:12:17.79] [SEND] [0022] [IMAP-00................] MBN00000002 STARTTLS\r\n
     Line 30: [15:12:17.86] [RECV] [0022] [IMAP-00................] MBN00000002 OK completed\r\n [Total 26 bytes received.]
     Line 31: [15:12:17.86] [INFO] [0022] [IMAP-00................] Will start TLS/SSL negotiation sequence.
     Line 103: [15:12:24.73] [INFO] [0022] [IMAP-00................] TLS/SSL negotiation completed.
     Line 104: [15:12:24.73] [INFO] [0022] [IMAP-00................] Will check if server certificate complies with the specified auto-validation flags.
     Line 105: [15:12:24.73] [INFO] [0022] [IMAP-00................] Server certificate successfully created from the handle. Can verify it now.
     Line 106: [15:12:24.73] [INFO] [0022] [IMAP-00................] Server certificate validation passed.
     Line 107: [15:12:24.73] [INFO] [0022] [IMAP-00................] Get the list of IMAP4 capabilities via CAPABILITY command.
     Line 108: [15:12:24.73] [SEND] [0022] [IMAP-00................] MBN00000003 CAPABILITY\r\n
     Line 109: [15:12:24.74] [INFO] [0022] [IMAP-00................] Error: Socket connection was aborted by remote host.
 
Alex
AfterLogic Support
Posted: 16 September 2016 at 10:29am

Hi,

First, please make sure the problem does not disappear if you change the TLS protocol from the default Auto (which usually assumes TLS 1.0) to an explicitly set TLS 1.2. Use the Imap.SslProtocol property for that.

If this does not help, you can enable Socket tracing in app.config. It will provide network.log in the app folder which will contain SSL handshake details as well.

In the <configuration> section of app.config, add:

Code:

<system.diagnostics>
    <sources>
      <source name="System.Net" tracemode="includehex" maxdatasize="1024">
        <listeners>
          <add name="System.Net"/>
        </listeners>
      </source>
      <source name="System.Net.Cache">
        <listeners>
          <add name="System.Net"/>
        </listeners>
      </source>
      <source name="System.Net.Http">
        <listeners>
          <add name="System.Net"/>
        </listeners>
      </source>
      <source name="System.Net.Sockets">
        <listeners>
          <add name="System.Net"/>
        </listeners>
      </source>
      <source name="System.Net.WebSockets">
        <listeners>
          <add name="System.Net"/>
        </listeners>
      </source>
    </sources>
    <switches>
      <add name="System.Net" value="Verbose"/>
      <add name="System.Net.Cache" value="Verbose"/>
      <add name="System.Net.Http" value="Verbose"/>
      <add name="System.Net.Sockets" value="Verbose"/>
      <add name="System.Net.WebSockets" value="Verbose"/>
    </switches>
    <sharedListeners>
      <add name="System.Net"
        type="System.Diagnostics.TextWriterTraceListener"
        initializeData="network.log"
      />
    </sharedListeners>
    <trace autoflush="true"/>
</system.diagnostics>


Regards,
Alex
 
adrien.hupond
Posted: 22 September 2016 at 10:35am

Thanks for the quick reply

I was able to find out that the CA certs store on the test server was accidentally replaced with the production store. Our test client certificates were rejected because the root CA was not trusted anymore by the server.
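Added example (not part of the original thread and not AfterLogic code): a small Python triage of the MailBee log excerpt quoted in the first post. It measures how long the handshake took and flags the pattern seen in this thread, where negotiation completes and the client accepts the server certificate but the server drops the connection before sending any reply. The `parse` and `triage` names, and reading that pattern as a server-side rejection, are assumptions of this example.

```python
import re

# Excerpt of the log quoted in the first post; the "Line N:" prefixes come
# from the poster's search tool and are skipped by the regex below.
SAMPLE = r"""
Line 25: [15:12:17.79] [SEND] [0022] [IMAP-00................] MBN00000002 STARTTLS\r\n
Line 30: [15:12:17.86] [RECV] [0022] [IMAP-00................] MBN00000002 OK completed\r\n [Total 26 bytes received.]
Line 31: [15:12:17.86] [INFO] [0022] [IMAP-00................] Will start TLS/SSL negotiation sequence.
Line 103: [15:12:24.73] [INFO] [0022] [IMAP-00................] TLS/SSL negotiation completed.
Line 106: [15:12:24.73] [INFO] [0022] [IMAP-00................] Server certificate validation passed.
Line 108: [15:12:24.73] [SEND] [0022] [IMAP-00................] MBN00000003 CAPABILITY\r\n
Line 109: [15:12:24.74] [INFO] [0022] [IMAP-00................] Error: Socket connection was aborted by remote host.
""".strip().splitlines()

ENTRY = re.compile(r"\[(\d\d):(\d\d):(\d\d)\.(\d\d)\] \[(\w+)\] \[\d+\] \[[^\]]*\] (.*)")

def parse(line):
    """Return (centiseconds_since_midnight, kind, message), or None if no match."""
    m = ENTRY.search(line)
    if not m:
        return None
    h, mi, s, cs, kind, msg = m.groups()
    return ((int(h) * 60 + int(mi)) * 60 + int(s)) * 100 + int(cs), kind, msg

def triage(lines):
    """Summarise where a STARTTLS session failed relative to the TLS handshake."""
    start = done = None
    cert_ok = aborted = False
    recv_after_tls = 0
    for t, kind, msg in filter(None, map(parse, lines)):
        if "Will start TLS/SSL negotiation" in msg:
            start = t
        elif "TLS/SSL negotiation completed" in msg:
            done = t
        elif "Server certificate validation passed" in msg:
            cert_ok = True
        elif kind == "RECV" and done is not None:
            recv_after_tls += 1
        elif "aborted by remote host" in msg:
            aborted = True
    return {
        "handshake_seconds": None if None in (start, done) else (done - start) / 100,
        "server_cert_ok": cert_ok,
        # Handshake done, client trusts the server, yet the server hung up before
        # answering anything: heuristic pointer to a rejection on the server side.
        "server_side_drop": done is not None and cert_ok and aborted and recv_after_tls == 0,
    }

print(triage(SAMPLE))
```

When `server_side_drop` is true, the client-side validation flags are not the cause, so the next place to look is the server's own log and its trusted CA store, which is where the problem was found in this thread.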
 
