Mail Client Configuration - SSL

ImperialTrader

• September 08, 2019 10:38

Hi guys.. One of my clients is having SSL for his website but when he tried to setup the mail client on outlook, he found that (Secure SSL/TLS Settings) was not working and he could only use (Non-SSL Settings). Check this screenshot: Screenshot

• 

  Jcats

  • September 08, 2019 15:45

  Is it an older mail client / OS? There is a valid SSL on saferider.org so should work fine. Are you using the default SSL options for exim/dovecot in WHM? You might need to loosen up the default options a bit for those still running older OS / mail clients: Would check out this thread:

  0
• 

  ImperialTrader

  • September 09, 2019 11:12

  Is it an older mail client / OS? There is a valid SSL on saferider.org so should work fine. Are you using the default SSL options for exim/dovecot in WHM? You might need to loosen up the default options a bit for those still running older OS / mail clients: Would check out this thread:

  0
• 

  Jcats

  • September 09, 2019 13:07

  Yeah exactly, on a shared server its easier to just lower the security a bit, really no other option.

  0
• 

  ImperialTrader

  • September 09, 2019 15:07

  Yeah exactly, on a shared server its easier to just lower the security a bit, really no other option.

  
  Thank you :)

  0
• 

  cPanelLauren

  • September 09, 2019 21:31

  So one option in this instance is to modify the security configuration on the server to allow older ciphers and SSLv2/3 but keep in mind that when you do this you also lower the security of your server by allowing older and insecure protocols.

  0
• 

  ImperialTrader

  • September 10, 2019 17:18

  So one option in this instance is to modify the security configuration on the server to allow older ciphers and SSLv2/3 but keep in mind that when you do this you also lower the security of your server by allowing older and insecure protocols.

  
  Do you mean by following the "2nd Option" steps at this thread: Or something else?

  0
• 

  cPanelLauren

  • September 10, 2019 17:28

  In that specific instance, they are allowing TLSv1.0 which is vulnerable - POODLE, Heartbleed, and BEAST being among the named exploits associated with it, some of which also affect SSLv 3.0. Allowing this protocol can leave you susceptible to these which would severely lessen security. o The standard as of right now is TLSv1.2 and while I understand it's difficult to get your clients to utilize newer mail clients, you must balance the safety/security of your server and the other clients present with the desire for ease of use. Ultimately this is your decision, I do just want to make sure you're aware of the security risks.

  0

Please sign in to leave a comment.