GMail SMTP STARTTLS on Port 587 no longer works

Question

My company has 4 different third party applications that use 4 different gmail addresses to send mail over port 587. One of the applications is distributed across over a hundred clients.

All four apps stopped working last week. I've been struggling to figure this out with GSuite support for the past week and they have so far been very unhelpful. One representative pointed to this recent update as the likely culprit: https://gsuiteupdates.googleblog.com/2020/04/improve-email-security-in-gmail-with-TLS.html

But I don't have a ton of experience with mail servers and much of this is going over my head. I'm not sure why exactly the above update cause our apps to stop working.

The apps are failing to establish a TLS connection to the server and result in the following error:

handshake failure
Closing connection in response to fatal SSL/TLS alert.    
Aborting handshake due to fatal alert

This comes after receiving a "Ready to start TLS" response from the smtp.gmail.com server.

All of the apps are using the Chilkat Mailman Active X component for the mail features. https://www.chilkatsoft.com/refdoc/xChilkatMailManRef.html

Assuming the recent update is the actual culprit, I'm wondering if someone can explain why this caused our applications to stop working? Has GMail stopped supporting StartTLS? I also need to know if there is anything we can do from our GSuite account to get this working again without having to update over a hundred client applications.

The first support rep I spoke to suggested doing the following in the google admin console:

Apps -> G Suite -> Settings for GMail -> Advanced Settings -> Secure transport (TLS) compliance:

We unchecked the "Require CA-signed certificate" box and saved the setting. This has not resolved our problem.

The support rep also briefly mentioned the "Alternate Secure Route" setting in Gmail advanced settings, but I'm not sure if he knew what he was talking about or if this is applicable to our issue.

Edit

It looks like this is a combination of the GMail server update and some sort of incompatibility in the Chilkat mail component. I tried testing with a trial of a newer version of the component and SMTP works using the same settings with this component.

The developer of the component says he is not able to help me with this issue unfortunately. So I'm still wondering why the GMail server update caused the old component to stop playing nicely. I'm hoping that if I can understand what the specific change is, I can find a solution that doesn't require a major rollout.

Answer 1

My java mail client also just stopped working not long ago. I was using TLS connection as well. I got authentication errors.

I look forward to your findings!

-- I found my issue: https://myaccount.google.com/u/1/lesssecureapps was no longer less security