{"id":1009,"date":"2013-08-13T12:00:37","date_gmt":"2013-08-13T10:00:37","guid":{"rendered":"http:\/\/www.limilabs.com\/blog\/?p=1009"},"modified":"2014-04-09T15:28:01","modified_gmt":"2014-04-09T13:28:01","slug":"the-handshake-failed-due-to-an-unexpected-packet-format","status":"publish","type":"post","link":"https:\/\/www.limilabs.com\/blog\/the-handshake-failed-due-to-an-unexpected-packet-format","title":{"rendered":"The handshake failed due to an unexpected packet format"},"content":{"rendered":"<p>Most likely your server requires <strong>explicit SSL<\/strong>, sometimes also known as TLS. <\/p>\n<p>It is called explicit SSL mode, because after the connection is established, client explicitly issues a command to the server that initiates SSL\/TLS negotiation.<\/p>\n<p>This is in contrast to implicit SSL mode, where SSL negotiation is initiated just after successful connection. In implicit mode server and client knows to use SSL, because client uses <a href=\"\/blog\/default-ports-for-email-protocols\">default protocol port<\/a>, that is commonly used for secured traffic.<\/p>\n<p>First try to connect to your server without SSL:<\/p>\n<pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\r\n\/\/ C#\r\n\r\nclient.Connect(&quot;mail.example.com&quot;);\r\n<\/pre>\n<pre class=\"brush: vb; title: ; notranslate\" title=\"\">\r\n' VB.NET\r\n\r\nclient.Connect(&quot;mail.example.com&quot;)\r\n<\/pre>\n<p>Then, before logging-in, <strong>start explicit SSL negotiation<\/strong>. The command name differs for different protocols:<\/p>\n<h2>Explicit SSL (aka TLS)<\/h2>\n<p>The code is exactly the same no matter which protocol (IMAP, POP3 or SMTP) you use.<\/p>\n<pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\r\n\/\/ C#\r\n\r\nclient.Connect(&quot;mail.example.com&quot;);\r\nclient.StartTLS();\r\n<\/pre>\n<pre class=\"brush: vb; title: ; notranslate\" title=\"\">\r\n' VB.NET\r\n\r\nclient.Connect(&quot;mail.example.com&quot;)\r\nclient.StartTLS()\r\n<\/pre>\n<p><em>StartTLS<\/em> method negotiates security protocol with the server and secures the channel using SSL or TLS. Now,<strong> your connection is secured<\/strong>. <\/p>\n<div class=\"well\">\nHere you can find more details on <a href=\"\/blog\/ssl-vs-tls-vs-starttls-stls\">SSL vs TLS vs STARTTLS<\/a>.\n<\/div>\n<p>Please note, that your server may not need SSL\/TLS at all. In such case simply use <em>Connect<\/em> method.<\/p>\n<h2>Enabled SSL Protocols<\/h2>\n<p>On very rare occasions &#8220;handshake failed&#8230;&#8221; error may indicate that TLS is incorrectly configured on the client machine or on the server. <\/p>\n<p>It is possible to force SSL v3.0 usage instead of TLS in explicit mode:<\/p>\n<pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\r\n\/\/ C#\r\n\r\nclient.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;\r\nclient.Connect(&quot;mail.example.com&quot;);\r\nclient.StartTLS();\r\n<\/pre>\n<pre class=\"brush: vb; title: ; notranslate\" title=\"\">\r\n' VB.NET\r\n\r\nclient.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;\r\nclient.Connect(&quot;mail.example.com&quot;);\r\nclient.StartTLS();\r\n<\/pre>\n<p>It is also possible to force SSL v3.0 usage instead of TLS in implicit mode:<\/p>\n<pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\r\n\/\/ C#\r\n\r\nclient.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;\r\nclient.ConnectSSL(&quot;mail.example.com&quot;);\r\n<\/pre>\n<pre class=\"brush: vb; title: ; notranslate\" title=\"\">\r\n' VB.NET\r\n\r\nclient.SSLConfiguration.EnabledSslProtocols = SslProtocols.Ssl3;\r\nclient.ConnectSSL(&quot;mail.example.com&quot;);\r\n<\/pre>\n<h2>Self-signed certificates<\/h2>\n<p>Remember that you can ignore<strong> SSL certificate errors<\/strong> using <em>ServerCertificateValidate <\/em>event:<\/p>\n<pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\r\n\/\/ C#\r\n\r\nstatic void Validate(\r\n    object sender,\r\n    ServerCertificateValidateEventArgs e)\r\n{\r\n    const SslPolicyErrors ignoredErrors =\r\n        SslPolicyErrors.RemoteCertificateChainErrors |\r\n        SslPolicyErrors.RemoteCertificateNameMismatch;\r\n\r\n    if ((e.SslPolicyErrors &amp; ~ignoredErrors) == SslPolicyErrors.None)\r\n    {\r\n        e.IsValid = true;\r\n        return;\r\n    }\r\n    e.IsValid = false;\r\n}\r\n\r\nclient.ServerCertificateValidate += Validate;\r\nclient.Connect...\r\n<\/pre>\n<pre class=\"brush: vb; title: ; notranslate\" title=\"\">\r\n' VB.NET\r\n\r\nPrivate Sub ValidateCerificate( _\r\n    ByVal sender As Object, _\r\n    ByVal e As ServerCertificateValidateEventArgs)\r\n\r\n    Const ignoredErrors As SslPolicyErrors = _\r\n        SslPolicyErrors.RemoteCertificateChainErrors Or _\r\n        SslPolicyErrors.RemoteCertificateNameMismatch\r\n\r\n    If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then\r\n        e.IsValid = True\r\n        Return\r\n    End If\r\n    e.IsValid = False\r\nEnd Sub\r\n\r\nAddHandler client.ServerCertificateValidate, AddressOf Validate\r\nclient.Connect...\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Most likely your server requires explicit SSL, sometimes also known as TLS. It is called explicit SSL mode, because after the connection is established, client explicitly issues a command to the server that initiates SSL\/TLS negotiation. This is in contrast to implicit SSL mode, where SSL negotiation is initiated just after successful connection. In implicit [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[15,28,42,50,53,83,57],"class_list":["post-1009","post","type-post","status-publish","format-standard","hentry","category-mail-dll","tag-c","tag-imap","tag-pop3","tag-smtp","tag-ssl","tag-tls","tag-vb-net"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/1009"}],"collection":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/comments?post=1009"}],"version-history":[{"count":11,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/1009\/revisions"}],"predecessor-version":[{"id":3965,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/1009\/revisions\/3965"}],"wp:attachment":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/media?parent=1009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/categories?post=1009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/tags?post=1009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}