SYMPTOMS

eM Client fails to send or receive email when connecting to a mail server that only supports TLS v1.1 or 1.2. This issue affects communicating to any mail server.

CAUSE

eM Client supports communicating with a server over TLS v1.0 but not TLS v1.1 or TLS v1.2. This appears due to it's core communication libraries targetting .Net Framework 2.0. Even while running under .Net 4.5 (where TLS v1.1 and TLS v1.2 support was added), it cannot use these versions. If you have configured your server to only support TLS v1.1 and 1.2, then this will prevent the client negotiating a connection.

RESOLUTION

Either the server needs to have TLS v1 enabled, or an alternate email client needs to be used. Details on enabling TLS v1 on the server can be found at the URL below

https://technet.microsoft.com/en-us/library/dn786418.aspx#BKMK_SchannelTR_TLS10

MORE INFORMATION

OpenSSL can be used to determine what versions are enabled on a server, by seeing whether you get a welcome message for the protocol you are using. Some example commands used are below (this is using SSL port 995):

openssl s_client -connect mail.example.com:995 -tls1

openssl s_client -connect mail.example.com:995 -tls1_1

openssl s_client -connect mail.example.com:995 -tls1_2

If you are not use eM Client and cannot communicate with the server, also make sure that your operating system has the required TLS versions enabled. Windows 7 for instance does not have TLS v1.1 or 1.2 enabled by default. These need to be enabled via the Windows registry (https://technet.microsoft.com/en-us/library/dn786418.aspx#BKMK_SchannelTR_TLS11).