Error trying to connect from QuickBooks Webmail interface
We have a Centos 7.8 server running Exim version 4.93-5 and are having problems connecting from the QuickBooks Webmail interface. I can connect using this interface to my Cox email account on port 587 with SSL/TLS so I have no reason to believe there is a problem with QuickBooks. When we try connecting to an email account on our server with either ports 465 or 587 with SSL/TLS, QuickBooks gives us one of those worthless lists of possible problems that includes about every possible problem. More revealing is what I am seeing monitoring the Exim log, which for both ports is this error:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
So far as the SSL/TLS is concerned we have left the Exim setting at their defaults.
Can anyone tell me how to proceed from here? How can I determine what ciphers QuickBooks has to share? Of course if anyone knows the fix for this problem that would be very welcome also.
-
I had issues with an apple mac which i'm convinced was down to ciphers. I can't say for sure if this is the same issue as you have. You mention that you've left the exim settings alone, but your status says that you are a web site owner. I'm not sure a web site owner has access to this, so I'm assuming that you are a root admin. ?? In exim config, under the security tab, make a note and copy your current 'options for open ssl' and 'ssl/tls cipher suite list' When you have a copy of these, try these settings instead. +no_sslv2 +no_sslv3 and ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS Provided you took a copy before making any changes, you should be able to roll back if it doesn't work for you. 0 -
Thanks with that configuration I was able to send email using port 587. I didn't try 465 yet. So this will get me going . I've set exim back to the defaults until I can figure out the minimum I need to add and subtract from the default configuration to get this working. The exim log has this is it which I think will help me narrow it down. 2020-07-20 14:11:01 1jxaFc-0000Jz-DM <= xxxxxxx@xxx.xxx H=ipxxx-xxx-xxx-xxx.tc.ph.cox.net (my-pc) [xxx-xxx-xxx-xxx]:54754 P=esmtpsa X=TLS1.2:ECDHE-RSA-AES128-SHA:128 CV=no A=dovecot_plain:xxxxxx@xxx.xxx S=71143 id=560278def69f029ddb1291f4ca63ff65@smy-pc T="Invoice 13 from DesignbySteve" for xxxxx@cox.net 0 -
@keat63 the suggestion was right - that error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
This indicates that the server does not have a cipher added which Quickbooks supports. @RetiredAF if 587 which uses STARTTLS functions with the custom cipher list you should be ok but I'm unsure which ciphers Quickbooks would specify and I was unable to find much in their documentation beyond the standard instructions for the big email service provider companies.0 -
I found that just adding ECDHE-RSA-AES128-SHA to the end of the default SSL/TLS Cipher Suite List in exim was enough for me to send email from QuickBook on port 587, SSL/TLS/ Now I wish I knew if there is something flakey about that cipher, and if there's not, why isn't part of the default exim SSL/TLS Cipher Suite List ? Anyone know or know how to find out? 0 -
It looks like an older broad compatibility SSLv3 cipher per SSL Cipher Strength Details 0
Please sign in to leave a comment.
Comments
5 comments