TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2.

Hi,

Since Microsoft started disabling some legacy TLS 1.0 and 1.1 requests my emails sent from unity have been failing more and more. This is expected as they are being disabled as mentioned here: New opt-in endpoint available for SMTP AUTH clients still needing legacy TLS - Microsoft Community Hub however I believe my code should be sending as version 1.2, which it is seemingly not.

I get this error: System.Net.Mail.SmtpException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit Bing

I have tried modifying my code to resolve this. Sometimes it appears fixed, other times it does not. It’s hard to know for sure when a change has had an impact, or if this is just one of the times MS allows legacy requests through.

As far as I can tell my code should be being sent using TLS 1.2, but I still get errors, and the fact it’s happening more regularly is becoming a problem.

I’ve tried many suggestions from ( Unity 2017.1 - TLS 1.2 still not working with .NET 4.6 ), including toggling code stripping levels, .NET versions, etc, but still I get the error:

I am currently using Unity LTS 2020.3.21, testing in the editor, with the iOS platform.

My current code is as follows, but I’ve tried many variations.

SmtpClient smtpServer = new SmtpClient("smtp-mail.outlook.com");
        smtpServer.Port = 587;
        smtpServer.EnableSsl = true;
        smtpServer.UseDefaultCredentials = false;
        smtpServer.DeliveryMethod = SmtpDeliveryMethod.Network;
        smtpServer.Credentials = new System.Net.NetworkCredential("secretusername ", "secret password") as ICredentialsByHost;

        ServicePointManager.ServerCertificateValidationCallback = delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };

        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
      
        smtpServer.SendCompleted += new SendCompletedEventHandler(SendCompletedCallback);
        smtpServer.SendAsync(mail, toEmail);

If anyone has suggestions on how to ensure TLS 1.2 is used, or whether the error message is obscuring another issue, I would love to know.

Thanks!

1 Like

This issue is unfortunately getting progressively worse.

Does anyone have any information that may help please?

I’m having exactly the same issue, and unfortunately, I haven’t been able to get it to work. One thing I’ve noticed upon inspecting SmtpClient.SecurityProtocol in the debugger was that it throws NotImplementedException, so I’m a bit worried that Unity’s .NET implementation is missing the critical parts needed to use TLS 1.2 in SmtpClient. None of the solutions I’ve found online are working in Unity. FYI, updating to 2021.2.4f1 didn’t solve it either.

Just submitted a bug report with a repro project. I’ll post here if I hear anything back from Unity.

Thanks! Fingers crossed.

Hi AGSMarcinDraszczuk, did you hear back from Unity at all yet?

Any luck thus far?

Hey. Did you hear anything back from unity?

Unfortunately, nothing yet.

Wow thats pretty bad for a publicly traded company

We just switched email services to one that wasn’t secured by TLS 1.2

Or just implement this serverside, however you want.
Doing this clientside isn’t really safe. You’re basically waving around your e-mail credentials, asking for trouble.

2 Likes

I have some good news - Unity was able to reproduce the issue and it is now up for voting in the issue tracker:

1 Like

I voted for it

1 Like

There is a work around for this issue:
__*https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/opt-in-exchange-online-endpoint-for-legacy-tls-using-smtp-auth*__
Connect to your 365 Exchange Online via Power Shell.
Connect to Exchange Online PowerShell | Microsoft Learn

Powershell commands:
To view the current status of the property, run the following command in Exchange Online PowerShell:
Get-TransportConfig | Format-List AllowLegacyTLSClients

Opt in to legacy client endpoint, run the following command:
Set-TransportConfig -AllowLegacyTLSClients $true

change your C# code:
SimpleEmailSender.emailSettings.STMPClient = “smtp-legacy.office365.com”.Trim();

Set TLS to 1.0
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls;

That’s assuming you (or your client) are able to modify the mail server configuration and are willing to modify it to use a deprecated safety protocol.

But good news is that the fix is in progress :
Fix In Review for 2022.2.X
Planned for 2020.3.X, 2021.3.X, 2022.1.X
(from the bug report details)

2 Likes

It looks like the fix has gone live. I’ll test soon, but fingers crossed!

1 Like

I spoke too soon. For now it’s just in 2022.2, still awaiting the LTS versions.

1 Like

Incase anyone is still watching this there are finally now also fixes for 2021 LTS too!

1 Like