I recently had to deal with a similar issue, but ended up with a ridiculous solution that can’t be put into production.
I set up a proxy between the mono app like Burpsuite or another transparent proxy (that can do SMTP in your case) that will happily negotiate a TLS v1.0 connection for the client and a TLS v1.1/1.2 connection for the server. Hope it helps. > On Aug 12, 2016, at 9:05 AM, Alexander Köplinger via Mono-devel-list > <[email protected]> wrote: > > Correct, mozroots should no longer be required/used. > > The cert-sync tool is the recommended approach for populating Mono’s > certificate store on Linux now: > http://www.mono-project.com/docs/about-mono/releases/3.12.0/#cert-sync > The Xamarin .deb/.rpm packages run this during package installation, if you > built Mono from source you need to run it yourself. > > TLS1.2 support is still a work in progress as far as I know. > > - Alex > > > On 12/08/16 15:44, "Mono-devel-list on behalf of Edward Ned Harvey (mono)" > <[email protected] on behalf of > [email protected]> wrote: > >> From: Mono-devel-list [mailto:[email protected]] On >> Behalf Of Craig McQueen >> >> On a Yocto-built embedded Linux system, we're trying to send e-mails >> through SMTP with SSL (port 465) or MSA (port 587). We're testing with >> smtp.gmail.com and smtp.zoho.com. We have code that works fine with >> Windows. But with Mono, we're getting System.IO.IOException: The >> authentication or decryption has failed. >> >> We've found on the Mono Security FAQ that we need: >> >> a) to install root certificates using mozroots or similar. >> b) to get the intermediate certificates from the SMTPS port 465, using >> certmgr. > > Historically, the above was necessary, and maybe some of it still is just > because you're on an unusual linux system. (The above is automatically done > during rpm/deb install, for later versions of red hat and debian/ubuntu). > > Historically, there were problems with the SSL/TLS classes in mono, in > which a mono server would fail to send intermediates to a client, and a mono > client would fail to cache any intermediates received from a non-mono server, > resulting in mono client being able to talk to non-mono servers, and mono > servers being able to talk to non-mono clients, but mono clients couldn't > talk to mono servers. > > Much of this should hopefully be history now. First of all, there are ways > of making mono use the OS crypto API, rather than use its own classes. I > can't tell you exactly how to do that, so if you're interested, start a new > thread saying exactly how you try to connect to your server (Are you using > HttpClient?), and ask if that's using the old mono classes or the OS API, and > ask if there's a different constructor you can use (or something) that would > force the use of the OS API. (For example, using ModernHttpClient instead?) > > Also, I've heard, but haven't personally checked or tested, that mono is > now using the microsoft TLS stack, including full support for TLS 1.2. So > before anything else, try updating to the very latest stable version of mono, > and see if that solves your problem. > _______________________________________________ > Mono-devel-list mailing list > [email protected] > http://lists.dot.net/mailman/listinfo/mono-devel-list > > > > _______________________________________________ > Mono-devel-list mailing list > [email protected] > http://lists.dot.net/mailman/listinfo/mono-devel-list
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Mono-devel-list mailing list [email protected] http://lists.dot.net/mailman/listinfo/mono-devel-list
