TLS 1.3 support, more recent ciphers support

Hello,

I have been using eM Client for many years, using Fruux as my calendar until now.

But recently I switched to Nextcloud for calendar and switched to my own self-hosted server.
SSL is handled by Nginx, and I had to downgrade the TLS version as well as the ciphers in order for eM Client to be able to connect to the CalDAV endpoint.

My SSL config is:

ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;

With this config, the logs show a .NET error:

Authentication failed because the remote party sent a TLS alert: ProtocolVersion

With the addition of TLS 1.2, like so:

ssl_protocols TLSv1.2 TLSv1.3;

The logs then show:

Authentication failed because the remote party sent a TLS alert: Handshake failure

With TLS 1.2 + ECDHE-ECDSA-AES128-GCM-SHA256 it works, eM Client can connect fine.

My final config became:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256;

This is not super good, as there are better TLS versions and ciphers available at this time.
I'm downgrading just for eM Client right now.

The client machine running eM Client is current, with Win 10 and .NET 4.6.2 / 4.8 / SDK 5.0 / SDK 6.0 / Core 2.1 / Core 3.1 / Core 5.0 / Core 6.0

Any plans on implementing TLS 1.3 and the more recent ciphers?

Thanks!

Related: Received headers being removed? - #9 by Rob18

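A way to check how an OpenSSL build interprets an ssl_ciphers string like the one in the post, as an added example that is not part of the original post. It uses Python's standard ssl module; the function names resolve, audit and unrecognized are introduced here, and the result reflects the OpenSSL that Python is linked against, which is assumed to behave like the one Nginx uses.

```python
import ssl

# ssl_ciphers value copied from the final config in the post.
SSL_CIPHERS = (
    "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:"
    "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256"
)


def resolve(name):
    """Return the TLS 1.2-and-below suites OpenSSL enables for one entry."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(name)
    except ssl.SSLError:
        return []  # no suite in this OpenSSL build matches the name
    # OpenSSL keeps TLS 1.3 suites outside the cipher list, yet get_ciphers()
    # still reports them; drop them so only the entry's own matches remain.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Map each entry to (suite, protocol, certificate auth type) tuples."""
    report = {}
    for name in filter(None, cipher_string.split(":")):
        report[name] = [
            (c["name"], c["protocol"], c.get("auth", "unknown"))
            for c in resolve(name)
        ]
    return report


def unrecognized(cipher_string):
    """Entries that select nothing and so add nothing to the server's offer."""
    return [name for name, suites in audit(cipher_string).items() if not suites]


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    for entry, suites in audit(SSL_CIPHERS).items():
        if not suites:
            print(f"{entry}: selects no suite")
        for suite, proto, auth in suites:
            print(f"{entry}: {suite} ({proto}, {auth})")
```

The auth column shows which certificate key type a suite requires: an ECDHE-RSA suite is only usable with an RSA certificate, and an ECDHE-ECDSA suite only with an ECDSA certificate.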