OC200, Omada SDN Controller 4.1.5 & SSL/TLS?
Hi,
I have configured the controller to use my SMTP server for outgoing emails and ticked the 'SSL' box, however SSL is now depreciated and my SMTP server requires TLS. Test emails via the GUI 'Test Email Server' fail without a log entry.
Can you confirm if the 4.1.5 controller is compatible with TLS and if not, when this feature will be added as it is now standard for current SMTP?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
TLS is the name for the former SSL protocol. TLS v1.0 has been introduced in the year 1999 as the standard SMTP encryption protocol (good morning!). Back then, TLS v1.0 was largely based on SSL v3.0.
Many people still use the term SSL instead of TLS, but both terms just name a protocol, albeit different versions.
SSL v2.0 is deprecated since 2011, SSL v3.0 is deprecated since 2015. TLS protocols in use since then are v1.1, v1.2 and nowadays the latest v1.3. Omada SDN Controller supports TLS v1.1 and v1.2 at least.
Note that you should not turn off older protocols in your mail server unless you can be sure that every other mail server under the sun you want to communicate with supports the latest protocol, too.
Many people restrict protocols to only the latest, newest, most fancied protocol and wonder why they don't get mail from older servers anymore. A mail server should always only offer protocols and let the connecting mail server or mail client choose which one to use. A mail server should not enforce a certain protocol.
In former times this was called backward compatibility and it was a major principle in networking today's youngsters presumably have never heard of.
For mail server setup please note that SDN Controller enforces port 465 if you enable SSL/TLS encryption. This is clearly a bug TP-Link hopefully will fix soon.
- Copy Link
- Report Inappropriate Content
TLS is the name for the former SSL protocol. TLS v1.0 has been introduced in the year 1999 as the standard SMTP encryption protocol (good morning!). Back then, TLS v1.0 was largely based on SSL v3.0.
Many people still use the term SSL instead of TLS, but both terms just name a protocol, albeit different versions.
SSL v2.0 is deprecated since 2011, SSL v3.0 is deprecated since 2015. TLS protocols in use since then are v1.1, v1.2 and nowadays the latest v1.3. Omada SDN Controller supports TLS v1.1 and v1.2 at least.
Note that you should not turn off older protocols in your mail server unless you can be sure that every other mail server under the sun you want to communicate with supports the latest protocol, too.
Many people restrict protocols to only the latest, newest, most fancied protocol and wonder why they don't get mail from older servers anymore. A mail server should always only offer protocols and let the connecting mail server or mail client choose which one to use. A mail server should not enforce a certain protocol.
In former times this was called backward compatibility and it was a major principle in networking today's youngsters presumably have never heard of.
For mail server setup please note that SDN Controller enforces port 465 if you enable SSL/TLS encryption. This is clearly a bug TP-Link hopefully will fix soon.
- Copy Link
- Report Inappropriate Content
see also https://community.tp-link.com/en/business/forum/topic/228134 to find more informations on the issue.
br
- Copy Link
- Report Inappropriate Content
Many thanks for your detailed responses. Clearly it is the bug forcing my port incorrectly to 465 that is causing the failure. Why TP-Link don't fix this critical bug that is making email inoperable for many of us is beyond me.
- Copy Link
- Report Inappropriate Content
@GadgetBen, maybe TP-Link tests with Windows systems. It was Microsoft which insisted on the use of port 465, albeit this port was never officially registered at IANA for more than 18 years.
We all know that Microsoft always poisons open standards intentionally to spread FUD and bind customers to their software.
Since the SMTP transport MX infrastructure has no way to specify a port, using port 465 (ssmtp) with TLS rather than ports 25 (smtp) and 576 (submission) with STARTTLS does not make much sense.
In 2018, IANA finally agreed to register port 465 as an official ssmtp port in RFC 8314, albeit almost no-one except Microsoft Crapware uses this port.
See also https://tools.ietf.org/html/rfc8314.html#section-7.3
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2224
Replies: 4
Voters 0
No one has voted for it yet.