Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email not working with ssl

Discussion in 'E-mail Discussions' started by panit, Nov 28, 2017.

  1. panit

    panit Member

    Joined:
    Aug 14, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I'm a hosting reseller. My host upgraded my dedicated server. After the upgrade none of my hosting members, and myself, can't send emails using secure mode. The email program fails with an authentication error. My host says the problem is on my end. Since some of my hosting members use different email programs than me, that would mean we are all making the same mistake or have broken programs all of a sudden. Plus, I have accounts on other servers with this host and secure mode works fine with them.

    My host did try looking at the old server and they enabled some old cyphers they thought might be the cause but nothing has worked. At this point, they are at a loss as to what to try and are convinced the problem is on my end. There's got to be a way to fix this. Telling my hosting members that using secure email isn't available is not an option. Since everything worked before and all that changed was cpanel, isn't this a cpanel problem?

    Cpanel V 68.0.16
     
  2. justjaph

    justjaph Member

    Joined:
    Oct 17, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Same here. maillog logs "TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<.....................>" and exim_mainlog is full of (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

    Running v68.0.16
     
  3. justjaph

    justjaph Member

    Joined:
    Oct 17, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Apparently v68 disables some "weak" ciphers on the mail services, breaking some old email clients compatibility.

    Try enabling "Allow weak ciphers" in the Exim configuration and modify the cipher suite under "mailserver configuration" to :

    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

    Did the trick for me.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page