
So I am running a SaaS application on AWS Beanstalk and I am now getting notified that TLS 1.0/1.1 is being used while sending emails via SES.

Here is a sample of the notification email I received:

Please see the following for further details on the TLS 1.0 or TLS 1.1 connections detected from your account to SES using Simple Mail Transfer Protocol (SMTP) between July 16, 2023 and July 30, 2023. We are unable to provide UserAgent for these connections because it is part of the HTTP protocol, but is not part of SMTP connections.

Region  |  Event |  Message ID | Source IP  |  TLS Version
eu-west-1 | SMTP Message|010201896d2c1920-XXXXXXXX-bb4e-420e-8b0b-6a6939642cf8-000000 | 18X.XXX.XXX.175 | TLSv1 |
eu-west-1 | SMTP Message|01020189868f3ff5-XXXXXXXX-8943-42d7-827c-c41b0c393b1c-000000 | 18X.XXX.XXX.175 | TLSv1 |
eu-west-1 | SMTP Message|010201898ceadb71-XXXXXXXX-0198-4694-8c7d-3ad1f58bb21a-000000 | 18X.XXX.XXX.175 | TLSv1 |
eu-west-1 | SMTP Message|0102018973eba89d-XXXXXXXX-1158-4f05-94f0-04e52a683646-000000 | 18X.XXX.XXX.175 | TLSv1 |
eu-west-1 | SMTP Message|01020189a5e5638e-XXXXXXXX-2439-400f-a68e-98219e97061f-000000 | 13X.XXX.XXX.219 | TLSv1 |
eu-west-1 | SMTP Message|01020189914b2df8-XXXXXXXX-fb08-43d7-9c68-d3df15674757-000000 | 18X.XXX.XXX.59 | TLSv1 |

It's a .NET application running on Framework 4.7.2, using System.Net.Mail to send the emails. Sample custom SendMail() function code below:

// create the mail message
MailMessage mail = new MailMessage { BodyEncoding = System.Text.Encoding.UTF8, IsBodyHtml = true, From = new MailAddress(senderAddress, senderName) };

//set the addresses
mail.To.Add(receiverAddress);
mail.Subject = subject;
mail.Body = message;

NetworkCredential nwc = new NetworkCredential(System.Configuration.ConfigurationManager.AppSettings["GenesisMailCredentialsEmail"], System.Configuration.ConfigurationManager.AppSettings["GenesisMailCredentialsPassword"]);
SmtpClient smtp = new SmtpClient(System.Configuration.ConfigurationManager.AppSettings["GenesisMailSMTP"].ToString()) { Port = port, UseDefaultCredentials = false, Credentials = nwc, EnableSsl = useSSL };
smtp.Send(mail);

I have updated all server environments to the latest version as suggested by AWS, but I am still getting these notification emails. How do I enable TLS 1.2 when I send emails from my application? Any help would be appreciated.

Robert Benedetto

1 Answer


.NET will use old versions of TLS for some ancient compatibility reason. You can make it use Tls1.3:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;

Garr Godfrey
  • this is a global setting for your process, so just call once during initialization is good. – Garr Godfrey Aug 07 '23 at 07:05
  • This answer might be better. https://stackoverflow.com/questions/28286086/default-securityprotocol-in-net-4-5 – Garr Godfrey Aug 07 '23 at 07:06
  • Thanks, I also found this SO post: https://stackoverflow.com/questions/45382254/update-net-web-service-to-use-tls-1-2 and it turns out after checking that it was running at Framework 4.0 as the targetFramework wasn't set in my web.config. Now it shows 4.7.2 as it should when I check HttpRuntime.TargetFramework, as it should. I'll see if that does it, if not I'll try setting Servicepoint. Any suggestion where I should set it, ApplicationStart or similar? – Robert Benedetto Aug 07 '23 at 07:12
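
One place to apply what the answer and comments discuss, as an added example that is not part of the original posts: a Global.asax.cs that checks HttpRuntime.TargetFramework at startup and strips SSL 3.0, TLS 1.0 and TLS 1.1 from ServicePointManager.SecurityProtocol whenever protocols are set explicitly. The class name `Global`, the helper `Harden` and the choice of TLS 1.2 (the version the question asks for) are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Web;

// Added example: Global.asax.cs for an ASP.NET app on .NET Framework 4.7.2.
// The names Global and Harden are illustrative, not from the original posts.
public class Global : HttpApplication
{
    // Protocol versions that must never be offered to the SMTP endpoint.
    private const SecurityProtocolType Legacy =
        SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;

    protected void Application_Start(object sender, EventArgs e)
    {
        // Reflects <httpRuntime targetFramework="..."> in web.config. The
        // question's author found the app reporting 4.0 when it was not set.
        Version target = HttpRuntime.TargetFramework;
        if (target < new Version(4, 7))
        {
            Trace.TraceWarning(
                "httpRuntime targetFramework is {0}; expected 4.7.2 in web.config.", target);
        }

        // Set once at startup, before any SmtpClient is created.
        SecurityProtocolType before = ServicePointManager.SecurityProtocol;
        ServicePointManager.SecurityProtocol = Harden(before);
        Trace.TraceInformation(
            "SecurityProtocol: {0} -> {1}", before, ServicePointManager.SecurityProtocol);
    }

    // Returns the protocol set with SSL 3.0, TLS 1.0 and TLS 1.1 removed.
    internal static SecurityProtocolType Harden(SecurityProtocolType current)
    {
        // SystemDefault (0) defers to the operating system's TLS
        // configuration; leave it so the OS picks the versions.
        if (current == SecurityProtocolType.SystemDefault)
        {
            return current;
        }

        // Otherwise drop the legacy flags and make sure TLS 1.2 is offered.
        return (current & ~Legacy) | SecurityProtocolType.Tls12;
    }
}
```

The before/after trace line shows whether the process started with a legacy default, which is the symptom of a missing targetFramework that the last comment describes.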