DNN Forums


Sending email with Amazon SES and TLS 1.2






New Around Here





    Hello, we have a site that's using DNN 9.09.00 and Mandeeps Live Forms 5.7.4.  The SMTP settings in the server settings are configured for our Amazon SES account.  This was all working fine until recently when SES retired support for TLS 1.0 and 1.1, and we stopped receiving the email notifications from our forms.  I'm trying to determine if this is more of an issue with the Live Forms module, although the version we have says it supports TLS 1.2, or with the DNN settings in general.

    When I test the SMTP settings from the server settings, that's successful and I receive the email.

    However, when I submit through one of our forms, I see this message in the logs:

    Message:Access denied: Amazon SES no longer supports TLS 1.0 and TLS 1.1 connections. You must update your client to use TLS version 1.2 or above. To learn more and to update your client, see https://go.aws/3AUlVSb. For further assistance, contact AWS support (554).

    StackTrace:

       at ComponentPro.Net.Mail.Smtp.c_OPF(Int32 c_F7C, Boolean c_LXF)
       at ComponentPro.Net.Mail.Smtp.c_FQF(c_TX c_W5H, Int64 c_X5H)
       at ComponentPro.Net.Mail.Smtp.c_B6H(Boolean c_C6H, String[] c_RKC, c_TX c_W5H, String c_D6H, Int64 c_X5H)
       at ComponentPro.Net.Mail.Smtp.c_M5H(c_TS c_CXF, Stream c_UTB, MailAddress c_BMB, MailAddressCollection c_RKC)
       at ComponentPro.Net.Mail.Smtp.c_S4H(MailMessage c_CXF, MailAddress c_QKC, MailAddressCollection c_RKC)
       at ComponentPro.Net.Mail.Smtp.Send(MailMessage mail, String sender, String recipients)
       at Mandeeps.DNN.Libraries.Common.Components.Scheduler.ProcessMailQueue()

    As mentioned in a couple other posts, I tried adding this dll to force TLS 1.2, but that didn't seem to have an effect: https://github.com/davidj...nn.tls12/tree/master

    Any insight or suggestions on how to update things to work with TLS 1.2 is much appreciated - thank you!






    Veteran Member





      It sounds like you've done all of the things I'd first suggest for you to do.  Especially the David Rodriguez library.  Nice find!  

      I personally haven't needed to do anything new in the past 3-4 years to be TLS 1.2+ compatible.  Are you sure your server is configured for it?  To be sure it's set up correctly, I like to use IISCrypto by Nartac to remove human error from the equation.  

      If it's not set up correctly, I'd suggest rebooting the server after setting things up with IISCrypto, and then testing everything again.  

      The final troubleshooting step I'd suggest is to begin troubleshooting things at the logging level between DNN and Amazon SES.  If TLS is correctly working, then it's a false positive error message.  You'll want to turn on debugging everywhere in DNN for this step.  






      Growing Member





        You need to update Live Forms because the version you run does not support TLS 1.2. And you must update your DNN instance also. Your current DNN version is old, too old. It is from Feb 24, 2021.






        Veteran Member





          Posted By Mariette Knap | Admin on 12/20/2023 9:22 PM

          You need to update Live Forms because the version you run does not support TLS 1.2. And you must update your DNN instance also. Your current DNN version is old, too old. It is from Feb 24, 2021.

          That sounds correct to me, and I also know better.  Mariette is always spot-on with her advice. 💪🏽 

           






          Growing Member





            Haha, I try to...





            New Around Here





              Happy new year, and thank you both! One of the complications is that this client is likely planning to move off of DNN this year, so we're hoping not to invest any time in upgrading if possible. Mariette, I know you said both our versions of DNN and Live Forms are too old, but I'm wondering about two things:

              1. We have another client that's on even older versions of both (DNN 9.02.00 and Live Forms 4.7.0), and we're not having this issue with that site. Same SMTP settings.

              2. You mentioned the version of Live Forms on the site that's throwing an error (5.7.4) doesn't support TLS 1.2, but according to their release log, compatibility for TLS 1.2 was added in v 4.5.3 on 4/6/18: https://www.mandeeps.com/...-started-release-log

              Please let me know if you have any other thoughts. Thank you!





              Growing Member





                It could also be an OS setting causing this. What OS is this?

                Function Get-RegValue {
                    [CmdletBinding()]
                    Param
                    (
                        # Registry Path
                        [Parameter(Mandatory = $true, Position = 0)]
                        [string]
                        $RegPath,

                        # Registry Name
                        [Parameter(Mandatory = $true, Position = 1)]
                        [string]
                        $RegName
                    )
                    $regItem = Get-ItemProperty -Path $RegPath -Name $RegName -ErrorAction Ignore
                    $output = "" | Select-Object Path, Name, Value
                    $output.Path = $RegPath
                    $output.Name = $RegName

                    If ($regItem -eq $null) {
                        $output.Value = "Not Found"
                    }
                    Else {
                        $output.Value = $regItem.$RegName
                    }
                    $output
                }

                $regSettings = @()

                # .NET Framework 4.x (64-bit and 32-bit)
                $regKey = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
                $regSettings += Get-RegValue $regKey 'SystemDefaultTlsVersions'
                $regSettings += Get-RegValue $regKey 'SchUseStrongCrypto'

                $regKey = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
                $regSettings += Get-RegValue $regKey 'SystemDefaultTlsVersions'
                $regSettings += Get-RegValue $regKey 'SchUseStrongCrypto'

                # .NET Framework 2.0/3.5 (64-bit and 32-bit)
                $regKey = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727'
                $regSettings += Get-RegValue $regKey 'SystemDefaultTlsVersions'
                $regSettings += Get-RegValue $regKey 'SchUseStrongCrypto'

                $regKey = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'
                $regSettings += Get-RegValue $regKey 'SystemDefaultTlsVersions'
                $regSettings += Get-RegValue $regKey 'SchUseStrongCrypto'

                # SCHANNEL protocol settings, TLS 1.3 down to TLS 1.0
                $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server'
                $regSettings += Get-RegValue $regKey 'Enabled'
                $regSettings += Get-RegValue $regKey 'DisabledByDefault'

                $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client'
                $regSettings += Get-RegValue $regKey 'Enabled'
                $regSettings += Get-RegValue $regKey 'DisabledByDefault'

                $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'
                $regSettings += Get-RegValue $regKey 'Enabled'
                $regSettings += Get-RegValue $regKey 'DisabledByDefault'

                $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
                $regSettings += Get-RegValue $regKey 'Enabled'
                $regSettings += Get-RegValue $regKey 'DisabledByDefault'

                $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'
                $regSettings += Get-RegValue $regKey 'Enabled'
                $regSettings += Get-RegValue $regKey 'DisabledByDefault'

                $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client'
                $regSettings += Get-RegValue $regKey 'Enabled'
                $regSettings += Get-RegValue $regKey 'DisabledByDefault'

                $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
                $regSettings += Get-RegValue $regKey 'Enabled'
                $regSettings += Get-RegValue $regKey 'DisabledByDefault'

                $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client'
                $regSettings += Get-RegValue $regKey 'Enabled'
                $regSettings += Get-RegValue $regKey 'DisabledByDefault'

                $regSettings

                Save this to a file called Get-TLSSettings.ps1 and execute it. It shows the status of TLS on your server.
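
An added example, not part of the original post or of DNN: the script above only lists the registry values, so this function reads rows of the same Path/Name/Value shape and flags the ones that keep a .NET Framework client from offering TLS 1.2 on outbound connections. The function name `Test-TlsClientReadiness` and the sample rows are constructed for illustration.

```powershell
# Added example. Input rows have the Path/Name/Value shape that Get-TLSSettings.ps1 emits.
function Test-TlsClientReadiness {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)] [object[]] $Settings)

    foreach ($s in $Settings) {
        $isNetKey   = $s.Path -like '*\.NETFramework\v*'
        $isTls12Cli = $s.Path -like '*\SCHANNEL\Protocols\TLS 1.2\Client'
        # Server subkeys govern inbound connections (IIS), not outbound SMTP, so skip them.
        if (-not ($isNetKey -or $isTls12Cli)) { continue }

        $finding = 'OK'
        if ("$($s.Value)" -eq 'Not Found') {
            $finding = 'Not set: the OS / .NET Framework default applies'
        }
        elseif ($isNetKey -and [int64]$s.Value -ne 1) {
            $finding = 'Should be 1 for .NET Framework clients to offer TLS 1.2'
        }
        elseif ($isTls12Cli -and $s.Name -eq 'Enabled' -and [int64]$s.Value -eq 0) {
            $finding = 'TLS 1.2 is switched off for outbound connections'
        }
        elseif ($isTls12Cli -and $s.Name -eq 'DisabledByDefault' -and [int64]$s.Value -ne 0) {
            $finding = 'TLS 1.2 is not offered unless the application asks for it'
        }

        [pscustomobject]@{ Path = $s.Path; Name = $s.Name; Value = $s.Value; Finding = $finding }
    }
}

# Constructed sample rows (not taken from any real server).
$net64  = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$net32  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
$tls12c = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$sample = @(
    [pscustomobject]@{ Path = $net64;  Name = 'SchUseStrongCrypto';       Value = 1 }
    [pscustomobject]@{ Path = $net64;  Name = 'SystemDefaultTlsVersions'; Value = 0 }
    [pscustomobject]@{ Path = $net32;  Name = 'SchUseStrongCrypto';       Value = 'Not Found' }
    [pscustomobject]@{ Path = $tls12c; Name = 'Enabled';                  Value = 1 }
    [pscustomobject]@{ Path = $tls12c; Name = 'DisabledByDefault';        Value = 1 }
)

Test-TlsClientReadiness -Settings $sample | Format-Table Name, Value, Finding -AutoSize
```

On a live server, pipe the real output in with `Test-TlsClientReadiness -Settings (.\Get-TLSSettings.ps1)`. These values only affect code that goes through Schannel and the .NET Framework networking classes; a mail component that selects its protocol versions itself has to be configured or updated separately.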





                Veteran Member





                  One could argue that there is still plenty of reason to upgrade DNN (or any other software system) until the plan to replace it is actually started. Any number of business decisions could be made between now and then that could push the replacement until next year, or the year after.  I've seen it a lot.  One of the systems we maintained was supposed to be sunsetted and removed from their infrastructure almost 10 years ago.  🤯 

                  With that being said...

                  Until the software system in question is actually scheduled for replacement, you're going to have to deal with the expense of maintaining legacy software, both in dollars and other various soft costs.  Also, should the worst happen, legacy software is often the way hackers these days find their way into other more maintained systems.  
