Skip to main content

SSL23_GET_CLIENT_HELLO:unknown protocol

Zachary Karr
  • Updated

Symptoms

 

The Exim error_log shows messages similar to the following:

 

TLS error on connection from [192.168.1.1]:47082 (SSL_accept (TLSv1.2)): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

 

Description 

 

The error is caused by an email client attempting to connect to a server that does not support the TLS protocols that are currently enabled.

 

Workaround

 

The most secure option is to use an email client that supports TLS 1.2 or newer security protocols. The protocols and ciphers currently enabled on the server can be checked with the following command:

 

nmap -sV --script ssl-enum-ciphers -p 465,993 [server]

 

Replace the "[server]" string with the server's IP or the affected domain.

 

We have additional information on how to adjust your server's SSL protocols here:

 

How to Update Ciphers and TLS Protocols

 

 

Related articles

Comments

0 comments

Article is closed for comments.