TLS handshake failure - v70.0.42
After upgrading to the latest version of cPanel I have noticed that the mail server accepts only the hostname as the POP/IMAP/SMTP address, but cPanel clearly shows different mail client manual settings.
It seems to me the domain is redirecting to the hostname and the mail client checks the hostname SSL certificate instead of the domain name certificate. The SSL certificates are enabled for the SNI SSL domain and the hostname.
From the mail client I get the following error log:
Connecting to IMAP server domain.com on port 993
IMAP - Initiating TLS handshake
IMAP - Certificate S/N: XXXXXXXXXX, algorithm: RSA (2048 bits), issued from 4/25/2016 to 7/24/2019 11:59:59 PM, for 2 host(s): name-hostname.com,
As for /var/log/maillog:
May 18 23:06:02 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=XX.XX.XX.XXX, lip=XX.XXX.XXX.XXX, TLS handshaking: SSL_accept() failed: error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied: SSL alert number 49, session=
Could you point me in the right direction on how to fix the bug?
The Exim option for OpenSSL is set to:
+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default
and the SSL/TLS Cipher Suite List:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 default
This seems to indicate that there was a certificate mismatch. Is the sending domain (i.e. the domain getting this error) a domain owned by you or present on your server? If so, does the domain have an SSL? If it does have an SSL, is the PTR record set to the hostname or the domain name? Have you modified /etc/mailhelo? Thanks!
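Added example (not part of the original thread and not cPanel or Dovecot code): a small Python decoder for the Dovecot maillog line quoted above, showing that the alert was read from the peer, i.e. the mail client rejected the handshake rather than the server. The function name decode_handshake_failure is hypothetical, and the 8-digit error code is assumed to use the pre-3.0 OpenSSL packing (library, function, reason).

```python
import re

# TLS alert descriptions (RFC 5246 section 7.2; 112 comes from RFC 6066).
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 70: "protocol_version",
    71: "insufficient_security", 112: "unrecognized_name",
}
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = 1000 + alert number for a received alert
ERR_LIB_SSL = 20             # library number of "SSL routines"

LINE_RE = re.compile(
    r"dovecot: (?P<svc>[\w-]+): .*?rip=(?P<rip>[^,]+),.*?"
    r"SSL_accept\(\) failed: error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*)"
    r"(?:: SSL alert number (?P<num>\d+))?"
)

def decode_handshake_failure(line):
    """Describe a Dovecot TLS handshake failure line, or return None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    code = int(m["code"], 16)
    # Assumed pre-3.0 packing: 8 bits library, 12 bits function, 12 bits reason.
    lib, reason = code >> 24, code & 0xFFF
    from_peer = lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET
    alert = reason - SSL_AD_REASON_OFFSET if from_peer else None
    logged = int(m["num"]) if m["num"] else None
    return {
        "service": m["svc"], "remote_ip": m["rip"], "function": m["func"],
        "alert": alert,
        "alert_name": TLS_ALERTS.get(alert, "unknown") if from_peer else None,
        # Dovecot is the TLS server here (SSL_accept), so the peer is the mail client.
        "sent_by": "client" if from_peer else "server or local error",
        "consistent": alert == logged,  # hex reason agrees with "SSL alert number N"
    }

# The log line from the post above, with its addresses already redacted there.
SAMPLE = ("May 18 23:06:02 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): "
          "user=<>, rip=XX.XX.XX.XXX, lip=XX.XXX.XXX.XXX, TLS handshaking: SSL_accept() "
          "failed: error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied: "
          "SSL alert number 49, session=")

if __name__ == "__main__":
    print(decode_handshake_failure(SAMPLE))
```

Because the alert originates on the client side, the next check is which certificate the client received for the name it connected to, which is what the questions about SNI, PTR and /etc/mailhelo above are getting at.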