Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim Advanced Editor configuration changes not synced

Discussion in 'E-mail Discussion' started by nosajix, Feb 10, 2018.

  1. nosajix

    nosajix Active Member

    Joined:
    Jul 30, 2005
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    158
    I too am getting the error
    Code:
    TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    -> it happens when I try to connect using the mail program that comes with 2 seperate samsung devices, a s8 and a Galaxy Tab A running Android 7 with current updates.

    Now heres the funny part, I attempted the above mentioned changes:

    Options for OpenSSL: +no_sslv2
    SSL/TLS Cipher Suite List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

    It seemed I had to change them both in the basic editor AND the advanced editor (changes didnt translate over) but STILL i get the same error.

    I even tried to select the scary "Allow weak SSL/TLS ciphers" in the basic mode - couldnt find anything in the advanced. Still - same error and I am trying to tell my clients their modern devices from Google and Samsung are inferior. Its just not working out...

    Centos 7.4 cpv 68.0.28
     
  2. nosajix

    nosajix Active Member

    Joined:
    Jul 30, 2005
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    158
    *FIX*

    Ok, so I reverted my exim config in both basic AND advanced (why they dont write eachother is still a mystery to me) BUT I replaced the Cipher list in my "mailserver configuration" (Home »Service Configuration »Mailserver Configuration) with this list:
    Code:
    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
    and voila connection made - no error 1408A0C1.

    I'm having a beer now. Please let me know if I just opened up my servers to the Ruskie election hackers.
    .
     
    #2 nosajix, Feb 10, 2018
    Last edited by a moderator: Feb 12, 2018
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,215
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The changes should in-fact remain synced. Feel free to open a support ticket if you'd like us to take a closer look to see why that's not happening on your system.

    Thank you.
     
  4. rarod

    rarod Active Member

    Joined:
    Apr 20, 2017
    Messages:
    26
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    The same for me. does anyone know if this is the expected behaviour?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,215
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I moved these posts to a separate thread as it relates to a different issue (changes made in the Exim Advanced Editor not syncing).

    Could you verify the exact steps you are taking and the version of cPanel installed on your system so we can attempt to reproduce this behavior? Also, does the /etc/exim.conf.local file exist on the system?

    Thank you.
     
  6. rarod

    rarod Active Member

    Joined:
    Apr 20, 2017
    Messages:
    26
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I tried to reproduce this, now when I modify in basic the change is done in advanced too.
     
  7. nosajix

    nosajix Active Member

    Joined:
    Jul 30, 2005
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    158
    I apologize, I don't seem to be receiving forum notifications.

    The problem may be getting deeper as I now am having trouble accepting emails from some places and getting :
    [(SSL_accept) error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol] on some incoming messages.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,215
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    That can happen if the client attempting to send the email isn't using a supported protocol. The topic is discussed on the following thread:

    TLS error on connection issue

    Thank you.
     
  9. nosajix

    nosajix Active Member

    Joined:
    Jul 30, 2005
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    158
    cPanelMichael - thanks for your input but this is a fairly common mailer that is triggering this, is it really likely that Expedia is sending emails with this insecure protocol?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,215
    Likes Received:
    1,759
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  11. nosajix

    nosajix Active Member

    Joined:
    Jul 30, 2005
    Messages:
    30
    Likes Received:
    1
    Trophy Points:
    158
    Im gonna hold off on the support ticket because the server company is working on it atm. I temporarily removed the +no_ssl2 flag from the exim config and the messages are now coming in. a bandaid I know but it just doesnt seem right.
     
Loading...

Share This Page