
According to the SmtpClient.EnableSsl property documentation, this class provides precisely one way to use SSL - set the property and SSL over TLS is used. It specifically talks about another way being unsupported:

> An alternate connection method is where an SSL session is established up front before any protocol commands are sent. This connection method is sometimes called SMTP/SSL, SMTP over SSL, or SMTPS and by default uses port 465. This alternate connection method using SSL is not currently supported.

SMTP, especially the security side of it, is not something I know much about. This question (C# ASP.NET Send Email via TLS) raises the point that not all SMTP servers support TLS but the fact is, I'm unsure about the relationship between port, SSL and TLS. I thought SSL and TLS were separate protocols, but "SSL over TLS" sounds more like how you have separate containers/codecs/transports in the world of video compression.

I assume that while I can change the port from 25 to 465, this will therefore not magically change anything - but is it likely a mail server will be configured to only listen for SSL requests on a specific port (i.e. not 25)?

Using SmtpClient, do I sensibly need to do anything other than set EnableSsl to toggle whether my application uses SSL or not?

Mr. Boy

1 Answer


I don't see anywhere in your links that mentions "SSL over TLS", though the term "SMTP over TLS" is used; is that perhaps the cause of some confusion?

As far as ports go, the normal SMTP port (25) expects that the protocol used will be plain SMTP, whereas the SMTPS port (465) expects that the client will first establish a secure connection using SSL/TLS, and will then proceed "speaking" normal SMTP over the secure channel. This is very similar to HTTP vs. HTTPS, which also use distinct ports.

The above is somewhat moot given the fact that SmtpClient doesn't support this method of secure SMTP, but when EnableSsl is set, instead expects to connect to a standard SMTP server (port 25), and after the usual SMTP introduction issues the STARTTLS command which signals to the server that it's about to start a TLS handshake to "upgrade" the connection to be secure. From that point on things are essentially identical to the SMTPS mechanism above.

Of course, for this to work, the server must support this method of security, and must also advertise the availability of the STARTTLS command in its response to the client's initial EHLO, otherwise an SmtpClient configured with EnableSsl = true will throw an exception when attempting to send as indicated in the documentation.

Iridium
  • I was sure I saw "SSL over TLS" but I think you must be right, it was a brain-slip :) Thanks for the answer. I'm assuming modern mail-servers _do_ support the `SmtpClient` SSL approach? – Mr. Boy Sep 03 '15 at 12:22
  • I would expect most modern mail-servers to support both if they support SSL/TLS at all. – Iridium Sep 03 '15 at 15:09
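
The STARTTLS exchange described in the answer, written out by hand over a `TcpClient` as an added example; it is not code from the posts above or from `SmtpClient` itself. `StartTlsProbe`, the client name `client.example` and the sample EHLO reply are constructed for illustration, and the probe stops rather than continuing in clear text when STARTTLS is not advertised.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
static class StartTlsProbe   // hypothetical helper written for this example, not part of .NET
{
    // One SMTP reply may span several lines: "250-..." continues, "250 ..." ends it.
    static List<string> ReadReply(StreamReader reader)
    {
        var lines = new List<string>();
        for (string line; (line = reader.ReadLine()) != null; )
        {
            lines.Add(line);
            if (line.Length < 4 || line[3] != '-') break;
        }
        return lines;
    }
    // True when the EHLO reply lists the STARTTLS extension keyword.
    public static bool AdvertisesStartTls(IEnumerable<string> ehloReply) =>
        ehloReply.Any(l => l.Length > 4 && l.StartsWith("250", StringComparison.Ordinal) &&
            l.Substring(4).Trim().Equals("STARTTLS", StringComparison.OrdinalIgnoreCase));
    // Plain-text introduction first, then the same socket is upgraded to TLS.
    public static void Probe(string host, int port)
    {
        using (var tcp = new TcpClient(host, port))
        {
            var stream = tcp.GetStream();
            var reader = new StreamReader(stream);
            var writer = new StreamWriter(stream) { NewLine = "\r\n", AutoFlush = true };
            ReadReply(reader);                        // 220 greeting
            writer.WriteLine("EHLO client.example");  // assumed client name
            // Fail closed: no STARTTLS in the EHLO reply means no send at all.
            if (!AdvertisesStartTls(ReadReply(reader))) throw new IOException("STARTTLS not advertised");
            writer.WriteLine("STARTTLS");
            if (!ReadReply(reader).Any(l => l.StartsWith("220", StringComparison.Ordinal)))
                throw new IOException("STARTTLS refused");
            using (var tls = new SslStream(stream))
            {
                tls.AuthenticateAsClient(host);       // TLS handshake; certificate checked against host
                Console.WriteLine("Upgraded, protocol: " + tls.SslProtocol);
            }
        }
    }
    static void Main(string[] args)
    {
        var sample = new[] { "250-mail.example.test", "250-STARTTLS", "250 8BITMIME" }; // constructed reply
        Console.WriteLine("Sample advertises STARTTLS: " + AdvertisesStartTls(sample));
        if (args.Length == 2) Probe(args[0], int.Parse(args[1]));  // optional live check: host port
    }
}
```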