TLS1.0 E-Mail warnings

Tomigs · 2019-02-25

Hi all,

We have a customer that reports us that they are getting a warning that the mail coming from the NAV server is using TLS 1.0.

I'm unsure whether we should upgrade the NAV server or the SMTP server if that makes sense. And if it is the NAV server, what steps should we give: should it be a NAV build upgrade, and/or .NET upgrade, and/or Windows Register changes?

The NAV version is NAV2013R2 (7.10.42221, CU22)
The NAV server is under .NET Framewok 4.5

Any help would be appreciated.

Thanks!
Tomas

Duikmeester · 2019-02-25

Read: https://medium.com/@kyle.gagnet/your-net-code-could-stop-working-in-june-afb35fbf29ca

Tomigs · 2019-03-05

Hi Duikmeester,

Thanks a lot for the info it is an interesting article.

I'm still unclear on how to proceed on my particular case.

The NAV Server is in .NET4.5.2. If we upgraded it to .NET4.6 would that be a step in the right direction? (It is Windows Server 2012R2).

I'd imagine that acting over the NAV code to enforce a particular security protocol it is out of the C/AL capabilities.

Thanks

Regards,
Tomas

Tomigs · 2019-04-03

Hi,

Still unclear to me but looks like old versions (NAV2013) are not possible to get upgraded to TLS1.2, judging by this article.

https://blogs.msdn.microsoft.com/nav/2018/12/06/how-to-get-earlier-versions-of-the-dynamics-nav-development-environment-to-work-with-tls-1-2/

We also found something related to Exchange(2010), but it is probably not the case.
https://support.microsoft.com/en-us/help/3029667/smtp-is-not-transported-over-tls-1-1-or-tls-1-2-protocol-in-an-exchang

Thanks
Tomas

sb_ · 2019-12-03

Hi Tomas

I ran into the same Problem.

Did you find a solution for sending Mail in NAV 2013 with TLS 1.2?

I can send Mail with Powershell on the NAV Server by Setting the Security Protocol in the Powershell to TLS12.

But with Codeunit 400 SMTP it does not work with following Error:
"Authentication failed because the remote party has closed the transport stream"

Mail Server is smtp.office365.com so obviously i can not do nothing on the Mail Sever.

Thank you.
Stefan

kylehardin · 2019-12-03

If you are using outlook.com as your email service, you can somehow configure your SMTP account (on outlook.com) to be more restrictive and force TLS 1.2. I am not in our IT department, so I do not know how they did this, but our SMTP server in NAV 2015 now looks like this:

ourdomain-com.mail.protection.outlook.com

Port 25, Basic authentication, Secure Connection = true. Note that we are no longer using port 587.

Tomigs · 2020-01-02

Hi Sb_,

I don't think this was ever resolved for us.
Based on the link below, we assumed that NAV2013R2 (or any version older than NAV2015) won't be able to enable TLS12.
https://blogs.msdn.microsoft.com/nav/2018/12/06/how-to-get-earlier-versions-of-the-dynamics-nav-development-environment-to-work-with-tls-1-2/

@kylehardin , thanks for the update. The SMTP mail address is a similar configuration in our case. Again, it is possible that it works in NAV2015 and not in NAV2013R2.

Tomas

TLS1.0 E-Mail warnings

Comments

Categories