Using TLS 1.2 with .NET IMAP client

In this article, you’ll find an extensive tutorial detailing the process of setting up the Mail.dll IMAP client to make use of the TLS 1.2 encryption protocol.

This security enhancement guarantees the protection of incoming email messages through IMAP, shielding them from potential risks and unauthorized entry.

Typically, clients and IMAP servers engage in a negotiation process to determine compatible SSL/TLS versions. Many systems no longer support SSL 3.0, TLS 1.0, or 1.1. Mail.dll IMAP component automatically uses the latest available TLS version.

TLS 1.2 and 1.3 are the most secure versions of TLS protocols. You can force the connection to use it.

All you need to do is to set Imap.SSLConfiguration.EnabledSslProtocols property to SslProtocols.Tls12 before issuing ConnectSSL or Connect and StartTLS sequence:

Here you can learn more on how TLS/SSL and StartTLS work in IMAP protocol
// C#

using (Imap imap = new Imap())
{
    imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    imap.ConnectSSL("imap.example.com");

    imap.UseBestLogin("user","password");

    // ... 

    imap.Close();
}

' VB.NET

Using imap As New Imap()
	imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12

	imap.ConnectSSL("imap.example.com")

	imap.UseBestLogin("user@example.com", "password")

	'...

	imap.Close()
End Using

For explicit SSL/TLS, code is almost the same. You first connect to a default, non-secure IMAP port and secure the connection using Imap.StartTLS method:

// C#

using (Imap imap= new Imap())
{
    imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    imap.Connect("imap.example.com");
    imap.StartTLS();

    imap.UseBestLogin("user@example.com","password");

    // ... 

    imap.Close();
}

' VB.NET

Using imap As New Imap()
	imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12

	imap.Connect("imap.example.com")
	imap.StartTLS()

	imap.UseBestLogin("user@example.com", "password")

	'...

	imap.Close()
End Using

Older .NET framework versions

To use TLS 1.2 in IMAP client at least .NET Framework 4.5+ must be installed on your machine and your application should target .NET 4.5+.

It is possible to use TLS 1.2 in applications targeting earlier .NET framework versions, but 4.5 must be installed on the machine. After you have .NET 4.5 installed, your 2.0 – 4.0 apps will use the 4.5 System.dll and you can enable TLS 1.2 using this code:

// C#

imap.SSLConfiguration.EnabledSslProtocols = 
    (SecurityProtocolType)3072;

Tags:    

Questions?

Consider using our Q&A forum for asking questions.