Hi, we have had emailrelay running on a server to forward local emails to an authenticated SMTP server. It's been running well for years. The SMTP server administrators have disabled TLS 1.1 and below. I am trying to set the tls-config to force a 1.2 connection, but nothing I type is recognized and the startup fails.
Current command line: "D:\Program Files\emailrelay\bin\emailrelay.exe" --close-stderr --forward-to smtp.domain.com:25 --client-tls --client-auth "D:\Program Files\emailrelay\bin\emailrelay.auth" --log --pid-file "D:\Program Files\emailrelay\config\emailrelay.pid" --poll 1 --spool-dir "D:\Program Files\emailrelay\spool"
I have tried putting in --tls-config=tlsv1.2 and --tls-config tlsv1.2 (based on the parameter documentation). Both throw errors.
MobiuS
That should work. What errors do you get?
Running that not as a service so I can see error dialogs, I get a dialog that states:
conversion error: invalid format: tlsv1.2
That only makes sense if you are running v1.9 but referring to the 2.x documentation.
Spot on. v1.9 is on production. Pushing v2.2 to dev allows the tlsv1.2 parameter. Because it's using its own mbed TLS library, this should be Windows version agnostic? I can push version 2.2 to a legacy Win2008R2 server and get TLS 1.2 client connections?
Last edit: MobiuS RIT 2021-02-19
I expect so, but I don't have access to Windows 2008. The binary releases since v2.0 have been statically linked with mbedTLS, and the runtime dependencies listed by dumpbin are only ws2_32, iphlpapi, advapi32, comctl32, kernel32, user32 and shell32.
For v2.2 I have also included a "winxp" build that uses the older exe file format compatible with Windows 2003.
Note that mbedTLS does not have TLS 1.3 in the pipeline AFAIK, so you might need to think about getting emailrelay built against OpenSSL/LibreSSL.
Thank you for all the info. I think I'm good to go. You can close this ticket out.