Error while connecting using TLS1.2 .Error -A call to SSPI failed.

Question

Hi,

I am upgrading my application to support TLS1.2. I have added below sample code to check.

Sample Code:

imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;
imap.ConnectSSL("xxx.xx.xx.xx");
imap.UseBestLogin("xxx", "xxxx");

When i call ConnectSSL i am getting the below error message.

"System.Security.Authentication.AuthenticationException :
A call to SSPI failed, see inner exception.
----> System.ComponentModel.Win32Exception :
The client and server cannot communicate, because they do not possess a common algorithm".

My exchange sever supports both TLS1.0 & TLS 1.2. When i am trying to communicate with EWS, It is communicating with TLS1.2. But when i am using Imap, Client is always trying to communicate with TLS1.0. If i change the SSL protocol to "SslProtocols.Tls", then it is able to communicate with TLS1.0 with out any error.

Why i am getting this error when i change the protocol to TLS12?
Anyone can help me on this.

Regards,
Kiran

Answer 1

First, please perform a simple client machine test: try to connect to gmail IMAP server using the tls1.2 settings ("imap.gmail.com")

I assume that your IMAP email server doesn't support TLS1.2, or both machines (client and server) are configured in such way, they are unable to use the same crypto algorithms.

You can use IISCrypto tool to specify which protocols are enabled on server ("Best practices" button is the way to go in most cases).

Is the server publicly available so we can perform a test connection (we don't need login/password)?