Hello Everyone,
I put together the following overview of this topic for anyone seeing this thread for the first time:
Reported Issue
Attempting to send or receive emails using email applications or operating systems which lack support for Transport Layer Security (TLS) Version 1.2 can result in error messages such as the one below:
error (0x800CCC1A) : 'Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.'
Do you know of any additional error messages that should appear above? Reply to this thread to let us know! Thanks!
Technical Summary
Exim and Dovecot utilize OpenSSL as a means of providing secure connections between email applications and your server. Here's a quote from our documentation describing OpenSSL's two primary settings:
OpenSSL allows two primary settings: ciphers and protocols.
- A cipher refers to a specific encryption algorithm. This setting allows the user to enable or disable ciphers individually or by category.
- A protocol refers to the way in which the system uses ciphers. This setting allows the user to enable or disable individual protocols or categories of protocols.
TLS version 1.2 is enabled as the default protocol for cPanel & WHM services (e.g. Exim, Dovecot). Thus, if an email application or operating system does not support the use of TLS version 1.2, then attempts to send or receive email will fail with errors like the one included above.
Recommended Solution
Modifying the default cipher and protocol settings for Exim and Dovecot in order to permit less secure connections between legacy email applications and your cPanel & WHM server is not recommended. While such actions are effective at quickly restoring the ability for legacy email applications to send and receive email, they come at the expense of operating a less secure server.
The recommended approach is to communicate this security knowledge to the person using the legacy email application and/or legacy operating system. Encourage updates to, and adoption of, email applications and operating systems that support modern cipher and protocol requirements.
Or, in the case of users experiencing this issue on Windows 7, it's possible to enable TLS 1.2 using the instructions in the document linked below:
How To Configure Microsoft Windows 7 to use TLS Version 1.2
Additional Reading
For more technical details about Cipher/Protocol settings and overall SSL logic with cPanel & WHM, see the below documents:
How To Adjust Cipher Protocols
Guide To SSL
SSL Installation and Precedence Logic
What about TLS version 1.3?
You can track the status of TLS 1.3 support on the following feature request:
Support For TLS 1.3
Additional Feedback/Questions
Feel free to reply to this thread with any additional questions or feedback related to this topic.
Thank you.