MailStore – “Error message: Authentication failed because the remote party has closed the transport stream” when connecting to the archive
Summary
In MailStore, the following error occurs when you connect to the archive: “Error message: Authentication failed because the remote party has closed the transport stream”. This is caused by SSL certificates that still use an MD5-hash based signature algorithm.
Cause
The only supported encryption protocols in the current version are TLS 1.2 and TLS 1.3. On recent Windows operating systems, TLS 1.2 is typically used for the connection between MailStore Client and MailStore Server. Microsoft Windows' own Security Support Provider (SSP, also known as Secure Channel or Schannel) prohibits the use of MD5-hash based signature algorithms for connections that are secured with TLS 1.2. Thus, Schannel refuses to establish a client/server connection if the certificate used by MailStore Server has an MD5-hash based signature algorithm.
Resolution
In the following scenarios, MD5-hash based signature algorithms may still be in use:
- Environments in which the self-signed SSL certificate created by the installer is used and where this certificate was initially created during the installation of MailStore Server 5 or older. In this case, follow the instructions in the Using Your Own SSL Certificate article in order to create a new self-signed certificate.
- Environments in which the certificate used by MailStore Server has been signed by an enterprise certificate authority (Enterprise CA) or a trusted root certificate authority (Trusted Root CA) and where the certificate signing request or the certificate itself used an MD5-hash based signature algorithm. Note that such certificates have not been issued in recent years (approx. since 2010), nor are they supported by recent generations of web browsers. In this case, follow the instructions in the Using Your Own SSL Certificate article.