Email not working with ssl

panit

• November 28, 2017 10:47

I'm a hosting reseller. My host upgraded my dedicated server. After the upgrade none of my hosting members, and myself, can't send emails using secure mode. The email program fails with an authentication error. My host says the problem is on my end. Since some of my hosting members use different email programs than me, that would mean we are all making the same mistake or have broken programs all of a sudden. Plus, I have accounts on other servers with this host and secure mode works fine with them. My host did try looking at the old server and they enabled some old cyphers they thought might be the cause but nothing has worked. At this point, they are at a loss as to what to try and are convinced the problem is on my end. There's got to be a way to fix this. Telling my hosting members that using secure email isn't available is not an option. Since everything worked before and all that changed was cpanel, isn't this a cpanel problem? Cpanel V 68.0.16

• 

  justjaph

  • November 28, 2017 17:03

  Same here. maillog logs "TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<.....................>" and exim_mainlog is full of (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Running v68.0.16

  0
• 

  justjaph

  • November 28, 2017 17:40

  Apparently v68 disables some "weak" ciphers on the mail services, breaking some old email clients compatibility. Try enabling "Allow weak ciphers" in the Exim configuration and modify the cipher suite under "mailserver configuration" to : ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS Did the trick for me.

  0
• 

  cPanelMichael

  • November 28, 2017 18:35

  Hello, Check to see if the workaround on the following thread helps: Outlook 2016 Sending Email Fails After Cipher Suite Update Thank you.

  0

Please sign in to leave a comment.