In Outlook server doesn't support the encryption method specified error
Yesterday when i setup a new VPS server, after migrating and changing nameserver, my client cannot send nor receive emails from my VPS server through Outlook. Doesn't matter which Outlook version, but if it using Windows 7 OS PC, i'll get an error 0x800CCC1A that saying my server doesn't support the encryption method specified. But if it using Windows 10, it can receive and sent emails normally.
I even had copy my Exim configuration from the old VPS using transfer tools, but the result is the same. Then i'm trying to update the "SSL/TLS Cipher Suite List" and "Options for OpenSSL" as this
-
Just to get you going -- I would expect you to make a determination whether or not to use these settings long term. Dovecot: SSL Cipher List: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSL Protocols: !SSLv2 !SSLv3
Exim [Home --> Service Configuration --> Exim Configuration Manager --> Security]Options for OpenSSL: +no_sslv2 +no_sslv3 SSL/TLS Cipher Suite List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
/scripts/restartsrv_dovecot /scripts/restartsrv_exim NOTE: Make sure you make note of your current configuration. If the above info doesn't work for you, revert back. If you use this information and then suddenly something doesn't start back up, I can't help you. It's easy to revert back if you have kept a record of the previous settings. Mike0 -
Just to get you going -- I would expect you to make a determination whether or not to use these settings long term. Dovecot:
SSL Cipher List: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSL Protocols: !SSLv2 !SSLv3
Exim [Home --> Service Configuration --> Exim Configuration Manager --> Security]Options for OpenSSL: +no_sslv2 +no_sslv3 SSL/TLS Cipher Suite List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
/scripts/restartsrv_dovecot /scripts/restartsrv_exim NOTE: Make sure you make note of your current configuration. If the above info doesn't work for you, revert back. If you use this information and then suddenly something doesn't start back up, I can't help you. It's easy to revert back if you have kept a record of the previous settings. Mike
Thanks for the fast response Mike! But sorry, i don't understand what do you mean by this one?:Dovecot: SSL Cipher List: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSL Protocols: !SSLv2 !SSLv30 -
Dovecot is the IMAP/POP3 server, and you need to make sure that it's SSL/TLS settings work with Outlook as well. WHM --> Service Configuration --> Mailserver Configuration In there you'll see the SSL Cipher List and SSL Protocols sections if you are running Dovecot. If you are just making changes to Exim, that only handles any issues you may have been having _sending_ mail with Outlook. If you have issues _receiving_ mail with Outlook, that's all Dovecot. Mike 0 -
Dovecot is the IMAP/POP3 server, and you need to make sure that it's SSL/TLS settings work with Outlook as well. WHM --> Service Configuration --> Mailserver Configuration In there you'll see the SSL Cipher List and SSL Protocols sections if you are running Dovecot. If you are just making changes to Exim, that only handles any issues you may have been having _sending_ mail with Outlook. If you have issues _receiving_ mail with Outlook, that's all Dovecot. Mike
I see.. Thanks Mike for this great explanation! I'll update the result here soon! :)0 -
You should also read the following thread [to make sure your Windows 7 is as up to date as it can be with regard to supporting various SSL/TLS options, etc. After all, the only ones with problems sending/receiving emails with the cPanel-preferred SSL/TLS settings for services are those running outdated operating systems, operating systems that haven't been updated, or email clients that haven't been updated. If you can fix the email client / client computer, you don't have to lower security on the server side. Mike 0 -
You should also read the following thread [to make sure your Windows 7 is as up to date as it can be with regard to supporting various SSL/TLS options, etc. After all, the only ones with problems sending/receiving emails with the cPanel-preferred SSL/TLS settings for services are those running outdated operating systems, operating systems that haven't been updated, or email clients that haven't been updated. If you can fix the email client / client computer, you don't have to lower security on the server side.
0 -
Just to get you going -- I would expect you to make a determination whether or not to use these settings long term. Dovecot:
SSL Cipher List: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSL Protocols: !SSLv2 !SSLv3
Exim [Home --> Service Configuration --> Exim Configuration Manager --> Security]Options for OpenSSL: +no_sslv2 +no_sslv3 SSL/TLS Cipher Suite List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
/scripts/restartsrv_dovecot /scripts/restartsrv_exim NOTE: Make sure you make note of your current configuration. If the above info doesn't work for you, revert back. If you use this information and then suddenly something doesn't start back up, I can't help you. It's easy to revert back if you have kept a record of the previous settings. Mike
Thanks a lot Mike! This actually works!!! I don't believe this!!! :DHello @IRZQ88 I also want to point out that rather than allow SSLv2 or SSLv3 you should first have your client add the Microsoft patch for TLSv1.2
0 -
Great! Please let us know how it works out and if you have any further issues. Thanks! 0 -
Great! Please let us know how it works out and if you have any further issues. Thanks!
Hi Lauren. I have same problem, and I applied the fix and now users can receive email but they can't send. Do you know what could it be? Thanks in advance for your help.0 -
Hi @Jorge Tobon Is there an error or notification when the user attempts to send mail? 0
Please sign in to leave a comment.
Comments
11 comments