Thread: JACMail4 with TLS 1.3

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    JACMail4 with TLS 1.3

    This version of JACMail supports TLS 1.3. This project became necessary when my ESP (Email Service Provider) decided to utilize the Gmail platform. Although a small portion of TLS 1.2 supports Forward Secrecy, TLS 1.3 was chosen because that is all it supports, thereby making it safer and easier to implement on its own (no stored keys). Please be aware that, although the JACMail program is very mature, this particular version has undergone limited testing and may contain bugs. Feedback is welcome.

    Gmail & others enforce the use of TLS on their platform. They say that it makes your email more secure, but as the name (Transport Layer Security) suggests, it only protects your email during a single transport leg. Not all MTAs (Mail Transport Agents) support it, and mail is stored on the servers unencrypted. The only way to truly protect your email is end-to-end encryption, but not having access to the email contents would make spam filtering next to impossible. To be truly secure requires end-to-end encryption and enforced sender authentication. The primary purpose of TLS in this situation is to make it difficult for hackers to learn your password (difficult but not impossible).

    JACMail does not support HTML directly, but offers a single click export to your default browser for viewing. Virtually all malware and most spam is distributed using HTML because HTML offers executable scripts. JACMail does support attachments and spell checking.

    SMTP (Simple Mail Transport Protocol) and POP (Post Office Protocol) are two of the few protocols left that still use ASCII. However, since they now require encryption, byte arrays must be used and converted to strings where necessary.

    Setting up an email account can be a bit challenging at times. To make it easier, routines have been provided to test POP3 on port 995 and SMTP on port 465. JACMail does not support port 587 (STARTTLS). For Gmail, the easiest way to begin operation is to allow less secure apps. I haven't looked into it yet, but 2FA (2 Factor Authentication) should also be possible.

    JACMail uses IP Version independent Winsock2 system calls, so it will only work on Windows systems that actively support both IPv4 and IPv6. In addition, because it requires TLS 1.3, it is more or less restricted to Win 8.1 and Win 10. The following standard support files are necessary:
    MSADODC.OCX
    COMDLG32.OCX
    MSDATGRD.OCX
    Inked.dll
    MSBIND.DLL
    Inked.oca
    msado15.dll
    RICHED20.dll

    The first time JACMail is run, it will look for the Access Database (JACMail4.mdb) in the current User directory (C:\Users\Username\JACMail4\). If \JACMail4\ does not exist, it will create it as well as a sub-directory called "\Attach". It will then prompt the user to copy the supplied blank database "JACMail4.org" to JACMail4.mdb. It will then create the DSN necessary to access the database.

    JACMail comes with 4 tables (InBox, OutBox, Archive, & Dummy). The Dummy table is used to allow you to create different Mail Boxes that mail can be transferred to, using the Menu item "New Mailbox".

    An online Help file is available by clicking on the "Online Help" menu item. Although it is for an older version, from a user's perspective it is essentially the same. The big difference is in the Setup. The image below shows some typical settings for a Gmail account.

    When checking for mail, you are prompted to enter the password. This is done once per session so that you don't forget the password. Gmail requires sender authentication as well. When you enter the SMTP Password, a Base64 encoded User/Password string is saved, and that is why the Password field appears blank. Note that you don't have to use the same account for both POP3 and SMTP. I would be doing this myself, but my third party supplier does not support TLS 1.3 yet.

    J.A. Coutts
    Updated: 12/16/2020 with 2 bugs found by wqweto resolved
    Updated: 12/22/2020 - See post #22 for details
    Updated: 02/27/2021 - See post 30 for details
    Last edited by couttsj; Today at 10:15 AM.

  2. #2
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    Line 195 of frmSendMail.frm is this

    OleObjectBlob = "frmSendMail.frx":0000

    . . . and has to be removed for project to compile.

    Also it seems JACMail.org has to be renamed to JACMail4.org for the original MDB.

    Does it support pop.gmail.com for POP3 over TLS 1.3 on port 995? When I press TEST it errors with "Handshake Authentication Error" here.

    cheers,
    </wqw>

  3. #3

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto View Post
    Line 195 of frmSendMail.frm is this

    OleObjectBlob = "frmSendMail.frx":0000

    . . . and has to be removed for project to compile.

    Also it seems JACMail.org has to be renamed to JACMail4.org for the original MDB.

    Does it support pop.gmail.com for POP3 over TLS 1.3 on port 995? When I press TEST it errors with "Handshake Authentication Error" here.

    cheers,
    </wqw>
    I have no idea what that reference means. The same reference exists back in the original JACMail3 at line 187:
    Code:
       Begin INKEDLibCtl.InkEdit txtMessage 
          Height          =   3615
          Left            =   0
          OleObjectBlob   =   "frmSendMail.frx":0000
          TabIndex        =   20
          Top             =   1920
          Width           =   9615
       End
    Prior to that, txtMessage was just a TextBox. Could it have anything to do with "RichEd20.dll", which I believe provides the Spell Checking?

    Yes, you are right. The empty database should be named "JACMail4.org". Obviously I manually created the database and did not test that function.

    I tested both the POP account and the SMTP account quite a bit, but I had enabled "Allow Less Secure" on the Gmail account, and I believe you were using "Application Password" and 2FA. If you have information on how to use "Application Password", I would appreciate the feedback.

    J.A. Coutts
    Last edited by couttsj; Dec 13th, 2020 at 11:04 PM.

  4. #4

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto View Post
    Line 195 of frmSendMail.frm is this

    OleObjectBlob = "frmSendMail.frx":0000

    . . . and has to be removed for project to compile.

    cheers,
    </wqw>
    I checked back on some earlier work that I did on spell checking with the InkEdit control, and that same reference to the .frx file exists. I don't profess to understand the linkage, but the .frx file does contain a reference to the Riched20 file.

    LB ☺ ,☺ ♀♥ O♂ O♂ ☻ ► ☺ 4↕═≥‼ ≥‼ ♣ ☺ ☺ ╨ ☻ ► D E
    F A U L T + ☺ ☺_Segoe UI R☺ { \ r t f 1 \ a n s i \ a n s i c p g 1 2 5 2 \ d e f f
    0 \ n o u i c o m p a t \ d e f l a n g 1 0 3 3 { \ f o n t t b l { \ f 0 \ f n i l \ f c h a r s e t 0 S e g o e U
    ; } }
    { \ * \ g e n e r a t o r R i c h e d 2 0 1 0 . 0 . 1 5 0 6 3 } \ v i e w k i n d 4 \ u c 1
    \ p a r d \ f 0 \ f s 1 8 \ p a r
    }

    J.A. Coutts

  5. #5
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by couttsj View Post
    I checked back on some earlier work that I did on spell checking with the InkEdit control, and that same reference to the .frx file exists. I don't profess to understand the linkage, but the .frx file does contain a reference to the Riched20 file.

    LB ☺ ,☺ ♀♥ O♂ O♂ ☻ ► ☺ 4↕═≥‼ ≥‼ ♣ ☺ ☺ ╨ ☻ ► D E
    F A U L T + ☺ ☺_Segoe UI R☺ { \ r t f 1 \ a n s i \ a n s i c p g 1 2 5 2 \ d e f f
    0 \ n o u i c o m p a t \ d e f l a n g 1 0 3 3 { \ f o n t t b l { \ f 0 \ f n i l \ f c h a r s e t 0 S e g o e U
    ; } }
    { \ * \ g e n e r a t o r R i c h e d 2 0 1 0 . 0 . 1 5 0 6 3 } \ v i e w k i n d 4 \ u c 1
    \ p a r d \ f 0 \ f s 1 8 \ p a r
    }

    J.A. Coutts
    This line has to be removed. This is a common bug in the IDE. Binary properties cannot be "unset".

    Once some property value gets into the .frx file, even if it is set to an empty byte-array, the "pointer" to the .frx file remains (although the size of the value inside the .frx file is zero).

    cheers,
    </wqw>

  6. #6

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto View Post
    This line has to be removed. This is a common bug in the IDE. Binary properties cannot be "unset".

    Once some property value gets into the .frx file, even if it is set to an empty byte-array, the "pointer" to the .frx file remains (although the size of the value inside the .frx file is zero).

    cheers,
    </wqw>
    I am having a little trouble understanding this. When I create a new project and add a single InkEdit control, that reference appears.
    Code:
    C:\VB98\Test\dummy>type form1.frm
    VERSION 5.00
    Object = "{8405D0DF-9FDD-4829-AEAD-8E2B0A18FEA4}#1.0#0"; "Inked.dll"
    Begin VB.Form Form1
       Caption         =   "Form1"
       ClientHeight    =   3285
       ClientLeft      =   120
       ClientTop       =   465
       ClientWidth     =   4560
       LinkTopic       =   "Form1"
       ScaleHeight     =   3285
       ScaleWidth      =   4560
       StartUpPosition =   3  'Windows Default
       Begin INKEDLibCtl.InkEdit InkEdit1
          Height          =   2895
          Left            =   840
          OleObjectBlob   =   "Form1.frx":0000
          TabIndex        =   0
          Top             =   120
          Width           =   2895
       End
    End
    Attribute VB_Name = "Form1"
    Attribute VB_GlobalNameSpace = False
    Attribute VB_Creatable = False
    Attribute VB_PredeclaredId = True
    Attribute VB_Exposed = False
    Option Explicit
    Is it just my system that this occurs on?

    J.A. Coutts

  7. #7

  8. #8

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto View Post
    There is no frmSendMail.frx in the zip for some reason. Removing the line that references it fixed the load failure for me.
    That explains it. On a different note, I have the strange feeling that Google is going to remove all forms of authentication with the exception of oAUTH2, and I know you have done some work in that field. Have you ever done any work with oAUTH2 in VB6?

    J.A. Coutts

  9. #9
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by couttsj View Post
    Have you ever done any work with oAUTH2 in VB6?
    https://github.com/wqweto/VbGcp/blob.../cGcpOAuth.cls

    This needs a web browser for the logon form UI and uses urn:ietf:wg:oauth:2.0:oob for redirect_url which is the so called out-of-band flow/shim especially designed for desktop applications so that the status of the auth is communicated through the. . . well, the title of the browser! As hilarious as it is but it's true -- check out the TitleChange event :-))

    cheers,
    </wqw>

  10. #10

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto View Post
    https://github.com/wqweto/VbGcp/blob.../cGcpOAuth.cls

    This needs a web browser for the logon form UI and uses urn:ietf:wg:oauth:2.0:oob for redirect_url which is the so called out-of-band flow/shim especially designed for desktop applications so that the status of the auth is communicated through the. . . well, the title of the browser! As hilarious as it is but it's true -- check out the TitleChange event :-))

    cheers,
    </wqw>
    Had a bit of difficulty getting the sample project to load. All the modules used a line feed only (&H0A) on each line instead of crlf, so I had to view, and copy & paste each one. Once I got it running, after entering the Gmail account as requested, it returned the following script error:
    ----------------------------------------------
    https://ssl.gstatic.com/accounts/sta...rs=ABkqax2V0e-
    ----------------------------------------------
    I ran the packet analyzer on it, and there were 351 back and forth packets. Most of it was encrypted, so it didn't make a lot of sense.

    J.A. Coutts

  11. #11
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    > Had a bit of difficulty getting the sample project to load. All the modules used a line feed only (&H0A) on each line instead of crlf, so I had to view, and copy & paste each one.

    Yes, this is a problem with the .gitattributes file in the repo when you download the ZIP file from GitHub. When using a normal git client new-lines are in correct vbCrLf format. (The repo is archived so don't plan on fixing it.)

    cheers,
    </wqw>

  12. #12

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto View Post
    Does it support pop.gmail.com for POP3 over TLS 1.3 on port 995? When I press TEST it errors with "Handshake Authentication Error" here.

    cheers,
    </wqw>
    Did you resolve this issue? Does the App Password simply replace the email password?

    J.A. Coutts

  13. #13
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    > Did you resolve this issue?

    No, this is a problem in the TLS handshake and the code is rather involved.

    > Does the App Password simply replace the email password?

    Yes, this is what I use in Outlook for pop3 user/password at least.

    cheers,
    </wqw>

  14. #14

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto View Post
    > Did you resolve this issue?

    No, this is a problem in the TLS handshake and the code is rather involved.

    > Does the App Password simply replace the email password?

    Yes, this is what I use in Outlook for pop3 user/password at least.

    cheers,
    </wqw>
    The Handshake error should occur after the calculation of the Handshake keys, and that must occur before the New Session Ticket is decrypted. The first task is to determine where the Authentication error occurs. To assist you, below is the Immediate Window results for a typical POP3 test. If you see a blank Key: field, that means that key was not calculated.

    J.A. Coutts
    Code:
    FD_WRITE 2316
    FD_READ 2316
    OK Bytes obtained from buffer: 2655
    Early Secret:
    33 AD 0A 1C 60 7E C0 3B 09 E6 CD 98 93 68 0C E2 
    10 AD F3 00 AA 1F 26 60 E1 B2 2E 10 F1 70 F9 2A 
    
    tls13 derived:
    6F 26 15 A1 08 C7 02 C5 67 8F 54 FC 9D BA B6 97 
    16 C0 76 18 9C 48 25 0C EB EA C3 57 6C 36 11 BA 
    
    HandShake Secret:
    F4 6E B9 D8 CD D2 E2 99 99 51 F5 BF 4C C1 9C 7B 
    C2 C0 B2 89 1E E4 7C 63 14 1B D3 69 A7 3E 28 C1 
    
    Master tls13 derived:
    23 F6 06 8C 31 18 3D F9 5F 0F 59 EC DC CE DD 50 
    B8 AC 5E 71 45 BB C5 90 4A 1A 4F 4D F7 08 D9 DE 
    
    Session Hash:
    83 62 A0 C7 F2 D9 94 30 87 3D DD 1D 93 FB 45 50 
    C6 A7 E8 97 38 6B A7 0D 6A BD A2 57 F8 B2 0C B9 
    
    tls13 c hs traffic:
    94 57 7F 6A 5E 69 00 CF 61 36 35 AC 87 7B 8F 42 
    7B 51 C5 00 5E DC 00 5C C7 1C 83 F1 6B 60 D9 7C 
    
    tls13 s hs traffic:
    D7 2B D7 2A B6 F1 88 7A E2 06 47 B4 B2 FB 71 A7 
    30 BB 8F 0C 7B D1 96 7D 33 B3 BB 0F 6E 67 B9 5A 
    
    Master:
    2F 56 D1 AF FB B9 CE D7 09 F3 16 BA DA FE 7E 65 
    77 22 A6 61 89 DE 2B 69 DC 3B 30 EC 74 AB 71 DE 
    
    HS Read Key:
    B9 AD 24 69 79 A1 F6 DC FD 7E 8E 4F F9 4B DE 4F 
    
    HS Read IV:
    3E 77 5F 25 E6 15 C7 AD 48 3B 87 B3 
    HS Write Key:
    5C 85 45 3F C5 95 15 9F 04 BC B3 D8 78 88 13 FF 
    
    HS Write IV:
    5F 01 69 BF AF 78 BE 61 08 9F E0 82 
    tls13 finished:
    66 42 51 66 B1 9B F9 FF 7E 15 BA FB 04 16 49 70 
    84 9D ED F8 35 E8 FA BB 4D B2 A9 9F 02 0B A4 01 
    
    Key:
    B9 AD 24 69 79 A1 F6 DC FD 7E 8E 4F F9 4B DE 4F 
    
    Receive        1 
    Ext:
    08 00 00 02 00 00 
    Session Hash:
    AA 3A CB 8C DC 97 0B 17 09 7D 73 14 44 03 71 AC 
    4F 88 1C B4 74 42 EE 91 84 91 63 46 CA 44 1D A5 
    
    Cert          B             26
    Session Hash:
    00 4D F4 D9 F8 6F 07 4D ED 02 9D 1C 4C 8A 1F 03 
    6E BD B4 80 AA B7 71 C5 A8 37 AE 0D E3 2F E8 1D 
    
    Cert Vreify   F             4B
    Session Hash:
    78 94 A9 C3 6F 80 9D 1A 31 E7 BC D0 6F F6 8D B5 
    84 6B 0C EE ED 7E 9E CF 10 5C 48 47 18 F7 84 22 
    
    Finished:
    2B 0B FC DA 28 6A 80 66 21 F0 79 4C DA 28 34 BE 
    C3 54 2F 21 15 B5 96 33 97 99 4F 10 D5 8E C2 B2 
    
    Finish:
    14 00 00 20 2B 0B FC DA 28 6A 80 66 21 F0 79 4C 
    DA 28 34 BE C3 54 2F 21 15 B5 96 33 97 99 4F 10 
    D5 8E C2 B2 
    Server Finish Recv:
    14 00 00 20 2B 0B FC DA 28 6A 80 66 21 F0 79 4C 
    DA 28 34 BE C3 54 2F 21 15 B5 96 33 97 99 4F 10 
    D5 8E C2 B2 
    Server Finish Calc:
    14 00 00 20 2B 0B FC DA 28 6A 80 66 21 F0 79 4C 
    DA 28 34 BE C3 54 2F 21 15 B5 96 33 97 99 4F 10 
    D5 8E C2 B2 
    Session Hash:
    7D 54 A6 1C E3 4D BC DD 44 03 5D 97 B6 5A 87 D8 
    AF B4 AB A3 E9 34 FC 04 E8 C5 F6 B8 A1 ED 77 5A 
    
    tls13 c ap traffic:
    5C 87 F0 79 46 B1 03 8C 91 40 6E D6 37 86 50 D2 
    8A 50 A7 5D 7D 0A 09 D2 57 EB 98 F2 DF 6E 39 DF 
    
    tls13 s ap traffic:
    3E 08 9F D7 48 81 EA 09 DF 77 B7 59 B3 30 4E 6B 
    F0 6F A3 21 49 C6 D5 46 98 0A 40 7A B6 9C 9E 3C 
    
    tls13 exp master:
    5C 0C F0 32 A0 0E 2F 47 89 A6 48 61 95 9B A9 51 
    09 60 7D 5A A4 A4 81 35 74 7D 50 0D 77 16 99 38 
    
    AP Read Key:
    3C 60 8F 53 0D 83 F1 9E C5 BB 36 07 93 3E 1A 35 
    
    AP Read IV:
    9F 9D 45 AA 1B BC 68 90 8A 20 F0 39 
    AP Write Key:
    EE B3 C0 6B 8A EF A5 CF 22 99 D1 98 81 2D A2 E0 
    
    AP Write IV:
    0F 13 EA 95 91 7D 70 F2 33 58 B3 6B 
    tls13 finished:
    7C C1 4A 1F 30 57 7C ED ED CD 4E 9A C1 93 AD 77 
    C2 62 C5 86 B1 0E EC FF 09 02 1E 61 DC 87 66 16 
    
    Finished:
    7A EE C0 F8 1A E3 ED 45 0E 6E 83 4D 44 1B 69 59 
    71 4B 42 96 0E 6D 77 6B B2 3E FC B4 EA 07 6D 23 
    
    Finish:
    14 00 00 20 7A EE C0 F8 1A E3 ED 45 0E 6E 83 4D 
    44 1B 69 59 71 4B 42 96 0E 6D 77 6B B2 3E FC B4 
    EA 07 6D 23 
    Session Hash:
    C1 78 50 4B 69 1A C7 5E 05 7B 05 7A D5 8C 41 B6 
    F0 AE A6 DB A7 55 FA 6C C7 88 BF 27 29 5D 51 61 
    
    Key:
    5C 85 45 3F C5 95 15 9F 04 BC B3 D8 78 88 13 FF 
    
    OK Bytes sent: 58
    OK Finished SENDING
    --> 
    res master:
    7C 8E DB 1E 31 4F 15 BC 07 74 74 4D 79 AA 0D DA 
    9C BD 05 03 02 32 F8 86 BB F8 12 07 5D 2D ED 1C 
    
    tls13 resumption:
    9A 06 EA 4C 30 48 97 EE 98 9F 9D A2 09 59 77 45 
    40 9B 21 B6 7D DA 21 4F 38 8C FF 57 D6 07 94 6E 
    
    FD_READ 2316
    OK Bytes obtained from buffer: 594
    Key:
    3C 60 8F 53 0D 83 F1 9E C5 BB 36 07 93 3E 1A 35 
    
    Receive        1 
    New Session Ticket
    Key:
    3C 60 8F 53 0D 83 F1 9E C5 BB 36 07 93 3E 1A 35 
    
    Receive        2 
    +OK Gpop ready for requests from 154.20.201.186 f4mb148788553jag
    
    Key:
    EE B3 C0 6B 8A EF A5 CF 22 99 D1 98 81 2D A2 E0 
    
    OK Bytes sent: 47
    OK Finished SENDING
    --> 
    FD_READ 2316
    OK Bytes obtained from buffer: 37
    Key:
    3C 60 8F 53 0D 83 F1 9E C5 BB 36 07 93 3E 1A 35 
    
    Receive        3 
    +OK send PASS
    
    Key:
    EE B3 C0 6B 8A EF A5 CF 22 99 D1 98 81 2D A2 E0 
    
    OK Bytes sent: 39
    OK Finished SENDING
    --> 
    FD_READ 2316
    OK Bytes obtained from buffer: 36
    Key:
    3C 60 8F 53 0D 83 F1 9E C5 BB 36 07 93 3E 1A 35 
    
    Receive        4 
    +OK Welcome.
    
    Key:
    EE B3 C0 6B 8A EF A5 CF 22 99 D1 98 81 2D A2 E0 
    
    OK Bytes sent: 28
    OK Finished SENDING
    --> 
    FD_READ 2316
    OK Bytes obtained from buffer: 37
    Key:
    3C 60 8F 53 0D 83 F1 9E C5 BB 36 07 93 3E 1A 35 
    
    Receive        5 
    +OK Farewell.
    
    OK Destroyed winsock message window 11273160
    OK Destroyed socket collection
    STATE: sckClosed

  15. #15
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    This is what I get in Immediate Window instead:

    Code:
    OK SubClass Initialized!
    ECDH_P256      256           23            49            32 
    Winsock buffer size for sends: 65536
    Winsock buffer size for receives: 65536
    OK Created socket collection
    OK Created winsock message window 17050292
    OK Registered events from socket 1672
    FD_CONNECT 1672
    STATE: sckConnected
    Session Hash:
    80 C5 38 81 1B E7 68 7D 69 BA 04 6E EA 25 20 EF 
    3F 20 02 78 50 A8 45 5F E5 4A C5 51 B1 E2 EB B0 
    
    OK Bytes sent: 237
    OK Finished SENDING
    --> 
    FD_WRITE 1672
    FD_READ 1672
    OK Bytes obtained from buffer: 2654
    Early Secret:
    33 AD 0A 1C 60 7E C0 3B 09 E6 CD 98 93 68 0C E2 
    10 AD F3 00 AA 1F 26 60 E1 B2 2E 10 F1 70 F9 2A 
    
    tls13 derived:
    6F 26 15 A1 08 C7 02 C5 67 8F 54 FC 9D BA B6 97 
    16 C0 76 18 9C 48 25 0C EB EA C3 57 6C 36 11 BA 
    
    HandShake Secret:
    93 5F 6B 5D DE 7F FD 31 17 CC 44 1E CC 81 B5 9B 
    79 82 FD 81 F4 6C B5 63 65 C7 03 FF 98 A0 6A 58 
    
    Master tls13 derived:
    EE DC 92 F7 9C AC 54 8A 8E 6B 0B 69 70 59 79 6F 
    92 7B B6 A3 C8 55 CC 43 D4 C3 E5 75 1F 68 65 21 
    
    Session Hash:
    AE B8 10 AE D3 96 14 2A F3 D7 5E 75 B2 67 F4 FD 
    83 60 ED 47 C5 72 9D AD A9 51 04 1A 90 05 DD 53 
    
    tls13 c hs traffic:
    57 56 77 A7 7B E8 83 07 24 F5 F8 E5 8C 3D A8 6E 
    43 40 5D DF AE 93 65 AC 16 92 BD 4C 00 5A 34 28 
    
    tls13 s hs traffic:
    55 06 6D 0B FE 7D B7 AB 4B 9E 43 27 FC 3A 5F 39 
    19 C1 87 86 ED A9 E1 33 40 91 FC EB E8 EA 84 18 
    
    Master:
    B3 88 AB A1 8D 7F AE 43 B6 CB 7F 18 77 9A 72 86 
    9C ED D2 C1 AE B4 A6 59 49 E4 39 72 64 C7 41 B5 
    
    HS Read Key:
    60 2D ED EE 43 C6 1C 21 57 FC 5D A3 71 45 E2 83 
    
    HS Read IV:
    DE A3 4E A4 67 1D CA F9 C8 63 83 14 
    HS Write Key:
    B4 7C 6C B2 00 4E D9 B1 40 2E 8B 0C 52 7A 0B 7C 
    
    HS Write IV:
    72 BD 2C CD D6 B5 23 CE 66 AA 37 DE 
    tls13 finished:
    7A 2B F3 75 D1 4E CF 41 95 FC 08 65 8C 38 CF 1C 
    18 B3 B8 BE 0B 49 19 BE 00 CF EA D9 E2 B6 62 BD 
    
    Key:
    60 2D ED EE 43 C6 1C 21 57 FC 5D A3 71 45 E2 83 
    FD_CLOSE 1672
    REMOTE: sckClosing
    OK Destroyed winsock message window 17050292
    OK Destroyed socket collection
    STATE: sckClosed
    
    Receive        1
    And then the MsgBox pops up

    Code:
    ---------------------------
    prjMail
    ---------------------------
    Handshake Authentication Error
    ---------------------------
    OK   
    ---------------------------
    I don't see pop3 commands so it looks like TLS layer is complaining.

    cheers,
    </wqw>

  16. #16

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    The clue is in these lines:
    Code:
    Key:
    60 2D ED EE 43 C6 1C 21 57 FC 5D A3 71 45 E2 83 
    FD_CLOSE 1672
    REMOTE: sckClosing
    OK Destroyed winsock message window 17050292
    OK Destroyed socket collection
    STATE: sckClosed
    
    Receive        1
    Everything was sent in a single record (2,654 bytes). The first message in that record was the Server Hello, followed by RT_CHANGE_CIPHER_SPEC. Both would have been unencrypted. The next message would normally have been an encrypted Certificate, but may have been an encrypted Alert. At this point the far end closed the socket and all processing stopped. The correct Key (HS Read Key) was used, but did not necessarily agree with the far end. If it was an Alert, our end could not decrypt it because of the Authentication error.

    There are 3 possibilities for the failure.
    1. Different Agreed Secrets causing different key calculations.
    2. Different Session Hashes
    3. Different Sequence Numbers

    The most likely is number 1, and the source could be the supplied Client Hello. Temporarily add "DebugPrintByte "Client Hello", bSend: End" just before "TCP.TCPSend" in "Private Sub TCP_Connect()". It should look something like this:
    Code:
    Client Hello:
    01 00 00 E4 
    03 03 
    F7 8C CB 66 2B 4B 6F 8F 94 C3 E5 B4 E5 C7 E6 63 - Client
    26 A5 AD 6F 2D E5 B6 01 D0 B4 59 70 3C 66 77 A8 - Random
    20 - SessionID len=32
    1B EA 3F 73 9B 16 E2 48 43 71 FA 22 4C 7D BA E5 - Session
    13 88 A2 82 2C AD 51 77 78 C4 4B 07 31 D7 63 34 - ID
    00 06 - Ciphers
       13 01 
       13 02 
       13 03 
    01 - Compression
       00 - None
    00 95 - Extension Length
    00 00 - SNI
       00 12 - Len(18)
       00 10 - list Len(16)
          00 - Type 
             00 0D - Len=13
                70 6F 70 2E 67 6D 61 69 6C 2E 63 6F 6D - pop.gmail.com
    FF 01 - renegotiation_info
       00 01 - Len=1
          00 - None
    00 0A - elliptic_curves
       00 08 - len=8
       00 06 - list len=6
          00 17 - secp256r1
          00 18 - secp384r1
          00 19 - secp521r1
    00 23 - Session Ticket TLS
       00 00 - len=0
    00 33 - Key Share
       00 47 - len=71
       00 45 - list len=69
          00 17 - secp256r1
             00 41 - len=65
                04 
    88 62 24 4B 52 FB 91 4F 45 7F 80 40 4A 30 31 BD 
    2C EB CA 59 6B 51 6F 9D 55 83 5E 60 21 14 AE FA 
    37 DA B8 FF 3B 0A 85 AC 4B 0A 2D 61 6E 96 03 99 
    97 ED C3 F9 1E 0D 62 D6 E5 D9 A5 AC 88 89 E2 DF 
    00 2B - supported versions
       00 03 - len=3
          02 - list len=2
             03 04 - TLS 1.3
    00 0D - signature algorithms
       00 08 - len=8
       00 06 - list len=6
          04 03 - ECDSA-SECP256r1-SHA256
          05 03 - ECDSA-SECP384r1-SHA384
          06 03 - ECDSA-SECP521r1-SHA512
    00 2D - psk key exchange modes
       00 02 - len=2
          01 - list len=1
             01 - PSK with (EC)DHE key
    00 1C - record size limit
       00 02 - len=2
          40 01 - 16,385
    If that checks out, we will have to look at the Agreed Secret. Depending on what we find, I may have to add some further error checking.

    J.A. Coutts

  17. #17
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    Here it is

    Code:
    Client Hello:
    01 00 00 E4 03 03 F7 65 D7 4C E3 5E 72 63 62 9B 
    5F 05 67 39 25 47 E5 0F 5A 4C 47 18 BE BF C5 76 
    0C AF 45 8E 00 A6 20 24 DA 84 B1 DC 78 1A 8A D1 
    7B 38 E0 D5 55 20 75 7F 0B C3 56 EB 07 8C 41 3B 
    5F 65 9A 9F CF 7D 6F 00 06 13 01 13 02 13 03 01 
    00 00 95 00 00 00 12 00 10 00 00 0D 70 6F 70 2E 
    67 6D 61 69 6C 2E 63 6F 6D FF 01 00 01 00 00 0A 
    00 08 00 06 00 17 00 18 00 19 00 23 00 00 00 33 
    00 47 00 45 00 17 00 41 04 F5 E4 C0 CE 5C A7 EB 
    49 10 84 4A 11 0C 30 2E 2D 0F C2 40 4A 5B 29 98 
    DF BB 3D 61 54 11 4A EB 80 74 C5 58 1F 63 4F 9A 
    59 20 E0 9D 89 F2 96 9E 68 9B DC 41 87 EA 2E B5 
    A1 B0 D8 EC FA 6B 05 66 94 00 2B 00 03 02 03 04 
    00 0D 00 08 00 06 04 03 05 03 06 03 00 2D 00 02 
    01 01 00 1C 00 02 40 01
    I am able to connect w/ TLS 1.3 using my impl

    Code:
    980168.657 [INFO] IpAddress=64.233.167.108 [Form1.m_oSocket_OnResolve]
    980168.748 [INFO] Using TLS_AES_128_GCM_SHA256 from pop.gmail.com [mdTlsThunks.pvTlsParseHandshakeServerHello]
    980168.750 [INFO] With exchange group X25519 [mdTlsThunks.pvTlsParseHandshakeServerHello]
    980168.759 [INFO] Valid ECDSA_SECP256R1_SHA256 signature [mdTlsThunks.pvTlsSignatureVerify]
    You might want to access port 995 on IpAddress above directly if servers in Europe zone differ on TLS impl. than the ones you reach from your location.

    cheers,
    </wqw>
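
As an added illustration (not code from JACMail or from either poster), the Python sketch below walks the raw Client Hello bytes posted in #17 using the field layout annotated in #16, and checks that every declared length is consumed exactly and that the key_share group is also listed in supported_groups. The `Reader`, `parse_client_hello` and `consistency_problems` names are made up for this example.

```python
# Handshake message bytes exactly as posted in #17 (no TLS record header).
CLIENT_HELLO_HEX = """
01 00 00 E4 03 03 F7 65 D7 4C E3 5E 72 63 62 9B
5F 05 67 39 25 47 E5 0F 5A 4C 47 18 BE BF C5 76
0C AF 45 8E 00 A6 20 24 DA 84 B1 DC 78 1A 8A D1
7B 38 E0 D5 55 20 75 7F 0B C3 56 EB 07 8C 41 3B
5F 65 9A 9F CF 7D 6F 00 06 13 01 13 02 13 03 01
00 00 95 00 00 00 12 00 10 00 00 0D 70 6F 70 2E
67 6D 61 69 6C 2E 63 6F 6D FF 01 00 01 00 00 0A
00 08 00 06 00 17 00 18 00 19 00 23 00 00 00 33
00 47 00 45 00 17 00 41 04 F5 E4 C0 CE 5C A7 EB
49 10 84 4A 11 0C 30 2E 2D 0F C2 40 4A 5B 29 98
DF BB 3D 61 54 11 4A EB 80 74 C5 58 1F 63 4F 9A
59 20 E0 9D 89 F2 96 9E 68 9B DC 41 87 EA 2E B5
A1 B0 D8 EC FA 6B 05 66 94 00 2B 00 03 02 03 04
00 0D 00 08 00 06 04 03 05 03 06 03 00 2D 00 02
01 01 00 1C 00 02 40 01
"""


class Reader:
    # Bounds-checked cursor: a bad length field raises instead of misparsing.
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("length field runs past end of data")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vec(self, len_size):
        # Length-prefixed vector: return a Reader limited to its body.
        return Reader(self.take(self.uint(len_size)))

    def rest(self):
        return self.take(len(self.data) - self.pos)

    def done(self):
        return self.pos == len(self.data)

    def u16_list(self):
        items = []
        while not self.done():
            items.append(self.uint(2))
        return items


def parse_client_hello(msg):
    top = Reader(msg)
    if top.uint(1) != 0x01:
        raise ValueError("handshake type is not client_hello")
    body = top.vec(3)
    hello = {
        "legacy_version": body.uint(2),
        "random": body.take(32),
        "session_id": body.vec(1).rest(),
        "cipher_suites": body.vec(2).u16_list(),
        "compression": list(body.vec(1).rest()),
        "extension_order": [],
    }
    exts = body.vec(2)
    while not exts.done():
        ext_type, data = exts.uint(2), exts.vec(2)
        hello["extension_order"].append(ext_type)
        if ext_type == 0x0000:    # server_name
            names = data.vec(2)
            names.uint(1)         # name_type, 0 = host_name
            hello["server_name"] = names.vec(2).rest().decode("ascii")
        elif ext_type == 0x000A:  # supported_groups
            hello["supported_groups"] = data.vec(2).u16_list()
        elif ext_type == 0x0033:  # key_share, kept as {group: key length}
            shares, found = data.vec(2), {}
            while not shares.done():
                group = shares.uint(2)
                found[group] = len(shares.vec(2).rest())
            hello["key_share"] = found
        elif ext_type == 0x002B:  # supported_versions
            hello["supported_versions"] = data.vec(1).u16_list()
        elif ext_type == 0x000D:  # signature_algorithms
            hello["signature_algorithms"] = data.vec(2).u16_list()
    if not (top.done() and body.done()):
        raise ValueError("bytes left over after the declared lengths")
    return hello


def consistency_problems(hello):
    problems = []
    if 0x0304 not in hello.get("supported_versions", []):
        problems.append("TLS 1.3 (0x0304) missing from supported_versions")
    for group in hello.get("key_share", {}):
        if group not in hello.get("supported_groups", []):
            problems.append(f"key_share group {group:#06x} not in supported_groups")
    return problems


HELLO = parse_client_hello(bytes.fromhex(CLIENT_HELLO_HEX))
print(HELLO["server_name"], consistency_problems(HELLO))
```

The dump parses cleanly and passes both checks, which agrees with the follow-up in the thread that the Client Hello "checks out" and the fault lies later in the key calculation.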

  18. #18

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Sorry for the late response, but we had a power failure locally. That IP address checks out, and so does the Client Hello. Let's try to display the Client Private Key, Server Public Key, and Agreed Secret. With both keys we should be able to verify the Agreed Secret.

    In the HKDF.GetECCKey function, add the following 2 lines just before "cbPubBlobS = GetbSize(bPrivateECCKey)".

    DebugPrintByte "PublicECCKey", bPublicECCKey
    DebugPrintByte "PrivateECCKey", bPrivateECCKey

    and DebugPrintByte "Agreed Secret", bSecret right after "CopyMemory bSecret(0), ByVal lPntr + 4, cbAgreedSecret".

    J.A. Coutts

  19. #19
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    After this line

    lRet = BCryptDeriveKey(hAgreedSecret, StrPtr("TRUNCATE"), 0, VarPtr(bSecret(0)), cbAgreedSecret, cbAgreedSecret, 0)

    . . . you get the agreed secret from BCrypt API in little-endian encoding which was already discussed.

    You have to reverse the bAgreedSecret array or otherwise your "HandShake Secret" calculation works on wrong input-key-material and subsequently everything incl. HS keys/IVs go south.

    cheers,
    </wqw>

  20. #20

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto View Post
    After this line

    lRet = BCryptDeriveKey(hAgreedSecret, StrPtr("TRUNCATE"), 0, VarPtr(bSecret(0)), cbAgreedSecret, cbAgreedSecret, 0)

    . . . you get the agreed secret from BCrypt API in little-endian encoding which was already discussed.

    You have to reverse the bAgreedSecret array or otherwise your "HandShake Secret" calculation works on wrong input-key-material and subsequently everything incl. HS keys/IVs go south.

    cheers,
    </wqw>
    Refresh my memory. Was this a Win 10 only issue, which would explain why it works on my Win 8.1?

    J.A. Coutts

  21. #21
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    https://www.vbforums.com/showthread....=1#post5466703

    So yes, in Win8.1 this

    CopyMemory bSecret(0), ByVal lPntr + 4, cbAgreedSecret

    . . . must be directly accessing the private buffer of the agreed secret as it's stored internally in big-endian and does not need reversal.

    Edit: In my libsodium TLS backend I had to recently reimplement ECDH over NIST curves using native BCrypt API and just confirmed that there is pvArrayReverse call before returning the agreed secret.

    It turned out this backend uses CNG for ECDH over NIST curves and RSA-PSS + ECDSA signatures (impl signing for server-side only), old Crypto API for SHA-1/2 hashes and HMAC for HKDF, and libsodium for ECDH over X25519 and AES-GCM + Chacha20-Poly1305 bulk ciphers and I got very surprised how compact, capable and compatible it became.

    cheers,
    </wqw>

  22. #22

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Back in April of this year, wqweto informed me of a relatively new parameter added to BCryptDeriveKey that could extract the raw Agreed Secret on Win 10. Unfortunately, the Agreed Secret was in reverse order, and the function returned an error when used on Win 8.1. With Win 8.1, the raw Agreed Secret gets copied directly from memory. Somewhere in the many rewrites, the logic got lost.

    In HKDF.GetECCKey:
    Code:
        'Get Agreed Secret
        lRet = BCryptDeriveKey(hAgreedSecret, StrPtr("TRUNCATE"), 0, VarPtr(bAgreedSecret(0)), cbAgreedSecret, cbAgreedSecret, 0)
        If lRet <> 0 Then
            If AuxFlg Then
                CopyMemory bAgreedSecret(0), ByVal lPntr + 4, cbAgreedSecret
            Else
                ReDim bAgreedSecret(0)
                bAgreedSecret(0) = 12
                GoTo ReleaseHandles
            End If
        End If
    gets replaced with:
    Code:
        'Get Agreed Secret
        lRet = BCryptDeriveKey(hAgreedSecret, StrPtr("TRUNCATE"), 0, VarPtr(bSecret(0)), cbAgreedSecret, cbAgreedSecret, 0)
        If lRet = 0 Then 'Success
            bTmp = bSecret 'Reverse result (req'd for Win 10?)
            cbAgreedSecret = cbAgreedSecret - 1
            For lPntr = 0 To cbAgreedSecret
                bSecret(cbAgreedSecret) = bTmp(lPntr)
                cbAgreedSecret = cbAgreedSecret - 1
            Next lPntr
        Else
            If AuxFlg Then 'Req'd for Win 8.1
                CopyMemory bSecret(0), ByVal lPntr + 4, cbAgreedSecret
            Else
                ReDim bSecret(0)
                bSecret(0) = 12
                GoTo ReleaseHandles
            End If
        End If
    Also, when using the same account to send and receive email, I added the ability to enter the password when checking for mail by using CTRL-p. The 16-byte random application password can be a bit difficult to remember.

    Download has been updated.

    J.A. Coutts
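
The effect of the byte-order issue discussed in the posts above, as an added Python example that is not JACMail's or wqweto's code: it runs the TLS 1.3 key schedule (RFC 8446) for a SHA-256 suite on a constructed agreed secret, once reversed and once as returned, and shows that the server handshake key and IV differ. The function names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256            # assumption: a SHA-256 suite such as TLS_AES_128_GCM_SHA256
HLEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque "tls13 " + label || opaque context (RFC 8446, 7.1)
    full = b"tls13 " + label.encode("ascii")
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(context)]) + context
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def derived_secret() -> bytes:
    # No PSK: Early Secret = HKDF-Extract(0, 0), then Derive-Secret(., "derived", "")
    early = hkdf_extract(bytes(HLEN), bytes(HLEN))
    return hkdf_expand_label(early, "derived", HASH(b"").digest(), HLEN)

def handshake_secret(agreed_secret_be: bytes) -> bytes:
    return hkdf_extract(derived_secret(), agreed_secret_be)

def from_truncate_kdf(raw_le: bytes) -> bytes:
    # Hypothetical helper: the "TRUNCATE" KDF output is little-endian, TLS needs big-endian
    return raw_le[::-1]

def server_hs_key_iv(hs_secret: bytes, transcript_hash: bytes):
    traffic = hkdf_expand_label(hs_secret, "s hs traffic", transcript_hash, HLEN)
    return hkdf_expand_label(traffic, "key", b"", 16), hkdf_expand_label(traffic, "iv", b"", 12)

def demo():
    raw_le = bytes(range(1, 33))                   # constructed value, not a real ECDH output
    transcript = HASH(b"constructed ClientHello..ServerHello").digest()  # constructed
    good = server_hs_key_iv(handshake_secret(from_truncate_kdf(raw_le)), transcript)
    bad = server_hs_key_iv(handshake_secret(raw_le), transcript)  # reversal forgotten
    return good, bad

if __name__ == "__main__":
    good, bad = demo()
    print("reversed   :", good[0].hex(), good[1].hex())
    print("unreversed :", bad[0].hex(), bad[1].hex())
```

With the wrong byte order the handshake still proceeds on the client side, but the first encrypted server record fails AEAD authentication, because every key and IV below the Handshake Secret is derived from the wrong input.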

  23. #23

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    wqweto;

    Were you impacted at all by the Dec. 14 Google outage? oAUTH was affected worldwide, but there is little information about other access.

    Also, Gmail keeps sending emails hinting that the access I am using (Less Secure enabled) is insecure. Are you receiving the same warnings using App passwords?

    J.A. Coutts

  24. #24
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by couttsj
    wqweto;

    Were you impacted at all by the Dec. 14 Google outage? oAUTH was affected worldwide, but there is little information about other access.

    Also, Gmail keeps sending emails hinting that the access I am using (Less Secure enabled) is insecure. Are you receiving the same warnings using App passwords?

    J.A. Coutts
    I'm not sure about POP3 being affected during this 1 hour of outage. Could be, or could be I just didn't receive any mail in my gmail mailbox.

    Here is a log from Immediate Window, I don't see any warning
    cheers,
    </wqw>

  25. #25

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto
    I'm not sure about POP3 being affected during this 1 hour of outage. Could be, or could be I just didn't receive any mail in my gmail mailbox.

    Here is a log from Immediate Window, I don't see any warning

    </wqw>
    The hints come as emails to our Gmail account. Here is an example:
    ----------------------------------------------
    Turn off less secure access

    Your personal information is vulnerable because you allow apps & devices to access your account in a less secure way.

    Turn off this type of access and see other personalized security recommendations in the Security Checkup.
    ----------------------------------------------
    This came in as a completely HTML email, and was transferred to my browser to read. This is why I am suspicious that Gmail will try to push users to oAUTH only, and I am trying to determine if the same tactic is being used for App passwords. oAUTH is oriented towards browser-based applications, and I am very reluctant to proceed in that direction.

    J.A. Coutts

  26. #26

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    It was D-Day today for the migration of our email account to Gmail. It went relatively smoothly. I used 2FR and App Password to make the transition. One problem that has popped up is that the Gmail POP server appears to operate differently from a normal POP server. My wife and I share the same email account, and by operating JACMail4 on 2 different computers, I was able to maintain a backup database. JACMail maintained a record of the last ID loaded, with an option to delete the messages from the server.

    That worked well for years, but Gmail marks a POP downloaded message as being read, and won't allow it to be downloaded a second time. I have submitted a question to the Gmail Community, but judging from the level of responses seen there, I don't really expect a reasonable answer. I was hoping that someone here had run across this problem and could suggest a solution.

    If all else fails, I can instruct our 3rd party ESP to forward emails to 2 separate Gmail accounts.

    J.A. Coutts

  27. #27

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    As I suspected, I did not get an answer from Gmail Community, so I directed our 3rd party supplier to forward messages to 2 separate Gmail accounts.

    In addition I discovered another problem. I use the UIDL command to request a list of messages that arrived after the submitted ID. Gmail always responds with just a single message, even though there may be several unread messages on the server. I have to reconnect to download each message. This problem has also been submitted to Gmail Community, but I don't expect an answer to this one either.

    J.A. Coutts

  28. #28
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,700

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by couttsj
    I use the UIDL command to request a list of messages that arrived after the submitted ID. Gmail always responds with just a single message, even though there may be several unread messages on the server. I have to reconnect to download each message.
    On Send/Receive button Outlook downloads all "unread" messages from pop.gmail.com in a single connection, so I think it should be possible even with its non-compliant POP3 implementation.

    cheers,
    </wqw>

  29. #29

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by wqweto
    On Send/Receive button Outlook downloads all "unread" messages from pop.gmail.com in a single connection, so I think it should be possible even with its non-compliant POP3 implementation.

    cheers,
    </wqw>
    Does Outlook use the "LIST" command? According to Gmail, the "LIST" command returns the oldest 250 messages in a numbered list. Outlook could then determine which ones it already has and download the rest. This is less than ideal for my purposes. I maintain a record of the last message ID downloaded and request any newer than that with the "UIDL" command. I have never relied on the server to maintain the proper record. Previously, I would periodically delete all messages from the server, rather than delete each one as it was downloaded. Now I have to go to the account in the browser and delete the messages there. It is not a big deal, as it is relatively easy.

    J.A. Coutts

  30. #30

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    I finally figured out why Gmail only returns a single message at a time. The old POP server would return a response to the UIDL command something like this:
    Code:
    +OK 2 messages
    1 <20120810031205.IENX1732.priv-edtnes25.telusplanet.net@edtncm03>
    2 <64A5562D-D924-4515-A3D1-9F7566F453B4@plfab.com>
    .
    The total messages were in the first line, and all messages on the server would be listed by Message ID. I would then find the last Message ID I had received in that list and download anything newer than that.

    Gmail on the other hand responds with only the Message IDs that it has not flagged as being downloaded, and doesn't include all messages on the server. Therefore, the first line does not include the message count. It looks like this:
    Code:
    +OK
    1 GmailId 177e4a81a12e25e0
    2 GmailId 177e4ae099ae8ad1
    .
    This also explains why I cannot download messages to more than one client.

    The download has been updated, but what I can't confirm is whether or not the original system still works. If someone has that ability, I would appreciate feedback.

    J.A. Coutts
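
The two UIDL response shapes described above, handled by one parser, as an added example that is not part of the original post or of JACMail's code. The function names and the fall-back rule (fetch everything listed when the last stored ID is absent from the list) are assumptions; the sample responses are the ones quoted in the post.

```python
def parse_uidl(response: str):
    """Return (announced_count or None, [(message_number, unique_id), ...])."""
    lines = response.replace("\r\n", "\n").split("\n")
    status = lines[0].split()
    if not status or status[0] != "+OK":
        raise ValueError("UIDL failed: " + lines[0])
    # The older server announces a count ("+OK 2 messages"); Gmail sends a bare "+OK".
    count = int(status[1]) if len(status) > 1 and status[1].isdigit() else None
    entries = []
    for line in lines[1:]:
        if line == ".":                      # end of the multi-line response
            break
        number, _, uid = line.partition(" ")
        if not number.isdigit() or not uid:
            raise ValueError("malformed UIDL line: " + repr(line))
        entries.append((int(number), uid.strip()))
    else:
        raise ValueError("missing terminating '.'")
    return count, entries

def messages_to_fetch(response: str, last_uid):
    """Message numbers to RETR, given the last unique ID the client stored."""
    _, entries = parse_uidl(response)
    uids = [uid for _, uid in entries]
    if last_uid in uids:
        # Full listing: everything after the last ID already held is new.
        return [n for n, _ in entries[uids.index(last_uid) + 1:]]
    # Last ID not listed (Gmail omits messages already downloaded): all are new.
    return [n for n, _ in entries]

# Responses quoted in the post above.
OLD_SERVER = ("+OK 2 messages\r\n"
              "1 <20120810031205.IENX1732.priv-edtnes25.telusplanet.net@edtncm03>\r\n"
              "2 <64A5562D-D924-4515-A3D1-9F7566F453B4@plfab.com>\r\n.\r\n")
GMAIL = "+OK\r\n1 GmailId 177e4a81a12e25e0\r\n2 GmailId 177e4ae099ae8ad1\r\n.\r\n"

if __name__ == "__main__":
    last = "<20120810031205.IENX1732.priv-edtnes25.telusplanet.net@edtncm03>"
    print(messages_to_fetch(OLD_SERVER, last))
    print(messages_to_fetch(GMAIL, last))
```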

  31. #31
    Lively Member gilman's Avatar
    Join Date
    Jan 2017
    Location
    Bilbao
    Posts
    98

    Re: JACMail4 with TLS 1.3

    I downloaded the last version, but Flashbox.frm is not included

  32. #32

    Thread Starter
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    981

    Re: JACMail4 with TLS 1.3

    Quote Originally Posted by gilman
    I downloaded the last version, but Flashbox.frm is not included
    Thanks gilman. It has been updated.

    J.A. Coutts
