+1 vote

Is there any way to get the cipher in use once you issue the StartTLS
command with the Mail.dll component?

[000.079]        -->     STARTTLS
[000.102]        <--     220 Start TLS negotiation
[000.102]                STARTTLS command works on this server
[000.272]                Cipher in use: ECDHE-RSA-AES256-SHA384
[000.272]                Connection converted to SSL
by

1 Answer

0 votes

You can cast the read or write stream to SslStream and extract all the required information from it.

You can force which SSL/TLS versions you want to use by using SSLConfiguration and EnabledSslProtocols. Note that this setting applies to both ConnectSSL (implicit SSL/TLS) and StartTLS (explicit SSL/TLS).

Here's the code:

using System.Net.Security;            // SslStream
using System.Security.Authentication; // SslProtocols and the algorithm enums
using Limilabs.Client.IMAP;           // Imap

using (Imap client = new Imap())
{
    // allow TLS 1.2 only:
    client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

    client.ConnectSSL("imap.gmail.com");

    if (client.IsEncrypted)
    {
        // the underlying stream is an SslStream once the connection is encrypted
        SslStream ssl = (SslStream)client.ReadStream;

        SslProtocols sslProtocol = ssl.SslProtocol; // Tls12
        CipherAlgorithmType cipherAlgorithmType = ssl.CipherAlgorithm; // Aes128
        int strength = ssl.CipherStrength; // 128
        HashAlgorithmType hashAlgorithmType = ssl.HashAlgorithm; // SHA1
        int hashStrength = ssl.HashStrength; // 160
        ExchangeAlgorithmType exchangeAlgorithmType = ssl.KeyExchangeAlgorithm; // 44550 (ECDH Ephemeral)
        int keyExchangeStrength = ssl.KeyExchangeStrength; // 256
    }

    client.UseBestLogin("user", "password");

    client.Close();
}
by (301k points)
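
The same cast applied to the explicit STARTTLS path from the question, as an added example that is not part of the original answer or the library's own code: it reports the negotiated suite and refuses to send credentials if the session is below a local policy. It assumes .NET Core 3.0 or later (for `NegotiatedCipherSuite` and `SslProtocols.Tls13`), Mail.dll's `Connect` and `StartTLS` calls, and a placeholder host; `TlsSessionCheck`, `Describe` and `Enforce` are hypothetical names.

```csharp
using System;
using System.Net.Security;
using System.Security.Authentication;
using Limilabs.Client.IMAP;

static class TlsSessionCheck
{
    // Summarise the negotiated session; NegotiatedCipherSuite returns the IANA
    // suite name and is only available on .NET Core 3.0 or later (assumption).
    public static string Describe(SslStream ssl) =>
        $"{ssl.SslProtocol} {ssl.NegotiatedCipherSuite} ({ssl.CipherStrength}-bit cipher)";

    // Hypothetical local policy: TLS 1.2 or 1.3 and at least a 128-bit bulk cipher.
    public static void Enforce(SslStream ssl)
    {
        bool protocolOk = ssl.SslProtocol == SslProtocols.Tls12
                       || ssl.SslProtocol == SslProtocols.Tls13;
        if (!protocolOk)
            throw new AuthenticationException($"Protocol {ssl.SslProtocol} is below policy");
        if (ssl.CipherStrength < 128)
            throw new AuthenticationException($"Cipher strength {ssl.CipherStrength} is below policy");
    }

    static void Main()
    {
        using (Imap client = new Imap())
        {
            client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
            client.Connect("imap.example.com"); // placeholder host; plain connection first
            client.StartTLS();                  // explicit TLS upgrade, as in the question

            // A failed or stripped upgrade must stop the session here.
            if (!client.IsEncrypted)
                throw new AuthenticationException("STARTTLS did not produce an encrypted channel");

            SslStream ssl = (SslStream)client.ReadStream;
            Enforce(ssl); // fail before any credentials are sent
            Console.WriteLine("Cipher in use: " + Describe(ssl));

            client.UseBestLogin("user", "password"); // placeholder credentials
            client.Close();
        }
    }
}
```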