CheckMail Gmail Updated For Improved SSL Compatibility
It looks like Google have been updating the security on some of their GMail servers. What started off as an intermittent issue became application-breaking, and so we've had to release an updated version of CheckMail GMail.
It was actually quite an interesting problem to work on, so for those of you who enjoy the more techy software side of things, here is a little more detail:
There have been a number of security vulnerabilities identified in TLS (SSL) v1.0 over recent times, and it is now considered best practice to harden servers to only accept what (for now) is seen as a more secure implementation, the gold standard being TLS 1.2. At the very least, TLS 1.0 should not be used. However, when CheckMail GMail was created the highest standard at the time was TLS 1.0, and so that was what we developed our SSL client implementation to use by default. This worked 100% of the time until said servers were hardened.
Because Indy is no longer really supported, and certainly not with Delphi 6, which is what we used to develop all our earlier applications, it meant a lot of digging to get this working again. The solution we found was to have the SSL client component negotiate a compatible security level with the server, something which didn't seem to be an option in any of the documentation. After much, and I mean much, trial and error we discovered that setting the SSLOptions.Method of the TIdSSLIOHandlerSocket to sslvSSLv23 caused this negotiation to happen.
Who would have thought that defaulting to TLS 1.0 would be an application breaker? It's not ideal, but with zero hope of TLSv1.2 being implemented within a compatible version of the Indy components it will do for now. Hopefully this may come in useful to anybody out there maintaining legacy Delphi applications that have suddenly discovered SSL errors.
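A small diagnostic for the kind of failure described above, added here as an example and not part of CheckMail or Indy: it reads the first TLS record a server returns after a ClientHello and reports either the protocol version the server chose or the alert it sent instead. The function name and the sample bytes are constructed for illustration, and the post does not say which alert the GMail servers actually returned.

```python
import struct

# Wire values for the protocol versions and the two alerts relevant here.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}


def classify_first_record(data: bytes) -> str:
    """Describe the first TLS record a server sent in reply to a ClientHello."""
    if len(data) < 5:
        return "truncated record header"
    # Record header: content type (1), record version (2), length (2).
    ctype, _record_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        return "truncated record body"
    if ctype == 21:  # alert record: level (1 byte), description (1 byte)
        if length < 2:
            return "malformed alert"
        level = "fatal" if body[0] == 2 else "warning"
        return f"alert: {level} {ALERTS.get(body[1], body[1])}"
    if ctype == 22 and length >= 6 and body[0] == 2:  # handshake: ServerHello
        # Handshake header is type (1) + length (3); the chosen version follows.
        # A TLS 1.3 server also writes 0x0303 in this field.
        (chosen,) = struct.unpack("!H", body[4:6])
        return f"server_hello: {VERSIONS.get(chosen, hex(chosen))}"
    return f"unexpected record type {ctype}"


# Constructed sample: a server refusing the offered version with a fatal alert.
SAMPLE_ALERT = bytes.fromhex("15030100020246")

# Constructed sample: a ServerHello selecting TLS 1.2 (zeroed random,
# empty session id, one cipher suite, null compression).
_hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
SAMPLE_SERVER_HELLO = (
    b"\x16\x03\x03" + struct.pack("!H", len(_hello) + 4)
    + b"\x02" + len(_hello).to_bytes(3, "big") + _hello
)

if __name__ == "__main__":
    print(classify_first_record(SAMPLE_ALERT))
    print(classify_first_record(SAMPLE_SERVER_HELLO))
```

Feeding it the first bytes captured from a failing connection shows whether the server rejected the offered version outright or completed the hello at a version the client did not expect.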
The better news for CheckMail is that there are plans in the pipeline for a more modern cross-platform solution utilising the latest development tools and technologies, so keep an eye out for that.