Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Email not working with ssl

Discussion in 'E-mail Discussion' started by panit, Nov 28, 2017.

  1. panit

    panit Member

    Joined:
    Aug 14, 2013
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I'm a hosting reseller. My host upgraded my dedicated server. After the upgrade none of my hosting members, and myself, can't send emails using secure mode. The email program fails with an authentication error. My host says the problem is on my end. Since some of my hosting members use different email programs than me, that would mean we are all making the same mistake or have broken programs all of a sudden. Plus, I have accounts on other servers with this host and secure mode works fine with them.

    My host did try looking at the old server and they enabled some old cyphers they thought might be the cause but nothing has worked. At this point, they are at a loss as to what to try and are convinced the problem is on my end. There's got to be a way to fix this. Telling my hosting members that using secure email isn't available is not an option. Since everything worked before and all that changed was cpanel, isn't this a cpanel problem?

    Cpanel V 68.0.16
     
  2. justjaph

    justjaph Member

    Joined:
    Oct 17, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Same here. maillog logs "TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<.....................>" and exim_mainlog is full of (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

    Running v68.0.16
     
  3. justjaph

    justjaph Member

    Joined:
    Oct 17, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Apparently v68 disables some "weak" ciphers on the mail services, breaking some old email clients compatibility.

    Try enabling "Allow weak ciphers" in the Exim configuration and modify the cipher suite under "mailserver configuration" to :

    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

    Did the trick for me.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,353
    Likes Received:
    1,855
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice