OC200, Omada SDN Controller 4.1.5 & SSL/TLS?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

OC200, Omada SDN Controller 4.1.5 & SSL/TLS?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
OC200, Omada SDN Controller 4.1.5 & SSL/TLS?
OC200, Omada SDN Controller 4.1.5 & SSL/TLS?
2020-10-25 13:16:04 - last edited 2020-10-26 00:44:43

Hi,

 

I have configured the controller to use my SMTP server for outgoing emails and ticked the 'SSL' box, however SSL is now depreciated and my SMTP server requires TLS. Test emails via the GUI 'Test Email Server' fail without a log entry.

 

Can you confirm if the 4.1.5 controller is compatible with TLS and if not, when this feature will be added as it is now standard for current SMTP?

  0      
  0      
#1
Options
1 Accepted Solution
Re:OC200, Omada SDN Controller 4.1.5 & SSL/TLS?-Solution
2020-10-25 15:29:44 - last edited 2020-10-26 00:44:43

@GadgetBen,

 

TLS is the name for the former SSL protocol. TLS v1.0 has been introduced in the year 1999 as the standard SMTP encryption protocol (good morning!). Back then, TLS v1.0 was largely based on SSL v3.0.

 

Many people still use the term SSL instead of TLS, but both terms just name a protocol, albeit different versions.

 

SSL v2.0 is deprecated since 2011, SSL v3.0 is deprecated since 2015. TLS protocols in use since then are v1.1, v1.2 and nowadays the latest v1.3. Omada SDN Controller supports TLS v1.1 and v1.2 at least.

 

Note that you should not turn off older protocols in your mail server unless you can be sure that every other mail server under the sun you want to communicate with supports the latest protocol, too.

 

Many people restrict protocols to only the latest, newest, most fancied protocol and wonder why they don't get mail from older servers anymore. A mail server should always only offer protocols and let the connecting mail server or mail client choose which one to use. A mail server should not enforce a certain protocol.

 

In former times this was called backward compatibility and it was a major principle in networking today's youngsters presumably have never heard of.

 

For mail server setup please note that SDN Controller enforces port 465 if you enable SSL/TLS encryption. This is clearly a bug TP-Link hopefully will fix soon.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Recommended Solution
  1  
  1  
#2
Options
4 Reply
Re:OC200, Omada SDN Controller 4.1.5 & SSL/TLS?-Solution
2020-10-25 15:29:44 - last edited 2020-10-26 00:44:43

@GadgetBen,

 

TLS is the name for the former SSL protocol. TLS v1.0 has been introduced in the year 1999 as the standard SMTP encryption protocol (good morning!). Back then, TLS v1.0 was largely based on SSL v3.0.

 

Many people still use the term SSL instead of TLS, but both terms just name a protocol, albeit different versions.

 

SSL v2.0 is deprecated since 2011, SSL v3.0 is deprecated since 2015. TLS protocols in use since then are v1.1, v1.2 and nowadays the latest v1.3. Omada SDN Controller supports TLS v1.1 and v1.2 at least.

 

Note that you should not turn off older protocols in your mail server unless you can be sure that every other mail server under the sun you want to communicate with supports the latest protocol, too.

 

Many people restrict protocols to only the latest, newest, most fancied protocol and wonder why they don't get mail from older servers anymore. A mail server should always only offer protocols and let the connecting mail server or mail client choose which one to use. A mail server should not enforce a certain protocol.

 

In former times this was called backward compatibility and it was a major principle in networking today's youngsters presumably have never heard of.

 

For mail server setup please note that SDN Controller enforces port 465 if you enable SSL/TLS encryption. This is clearly a bug TP-Link hopefully will fix soon.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Recommended Solution
  1  
  1  
#2
Options
Re:OC200, Omada SDN Controller 4.1.5 & SSL/TLS?
2020-10-25 20:15:01

@GadgetBen 


see also https://community.tp-link.com/en/business/forum/topic/228134 to find more informations on the issue.

 

br

 

  0  
  0  
#3
Options
Re:OC200, Omada SDN Controller 4.1.5 & SSL/TLS?
2020-10-26 00:51:01 - last edited 2020-10-26 00:51:24

Many thanks for your detailed responses. Clearly it is the bug forcing my port incorrectly to 465 that is causing the failure. Why TP-Link don't fix this critical bug that is making email inoperable for many of us is beyond me.

  0  
  0  
#4
Options
Re:OC200, Omada SDN Controller 4.1.5 & SSL/TLS?
2020-10-26 13:39:05 - last edited 2020-10-26 13:40:39

@GadgetBen, maybe TP-Link tests with Windows systems. It was Microsoft which insisted on the use of port 465, albeit this port was never officially registered at IANA for more than 18 years.

 

We all know that Microsoft always poisons open standards intentionally to spread FUD and bind customers to their software.

 

Since the SMTP transport MX infrastructure has no way to specify a port, using port 465 (ssmtp) with TLS rather than ports 25 (smtp) and 576 (submission) with STARTTLS does not make much sense.

 

In 2018, IANA finally agreed to register port 465 as an official ssmtp port in RFC 8314, albeit almost no-one except Microsoft Crapware uses this port.

 

See also https://tools.ietf.org/html/rfc8314.html#section-7.3

 

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  1  
  1  
#5
Options