Exim Advanced Editor configuration changes not synced

[nosajix]

I too am getting the error

TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

-> it happens when I try to connect using the mail program that comes with 2 seperate samsung devices, a s8 and a Galaxy Tab A running Android 7 with current updates.

Now heres the funny part, I attempted the above mentioned changes:

Options for OpenSSL: +no_sslv2
SSL/TLS Cipher Suite List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

It seemed I had to change them both in the basic editor AND the advanced editor (changes didnt translate over) but STILL i get the same error.

I even tried to select the scary "Allow weak SSL/TLS ciphers" in the basic mode - couldnt find anything in the advanced. Still - same error and I am trying to tell my clients their modern devices from Google and Samsung are inferior. Its just not working out...

Centos 7.4 cpv 68.0.28

 

[nosajix]

*FIX*

Ok, so I reverted my exim config in both basic AND advanced (why they dont write eachother is still a mystery to me) BUT I replaced the Cipher list in my "mailserver configuration" (Home »Service Configuration »Mailserver Configuration) with this list:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

and voila connection made - no error 1408A0C1.

I'm having a beer now. Please let me know if I just opened up my servers to the Ruskie election hackers.
.

 

[cPanelMichael]

Ok, so I reverted my exim config in both basic AND advanced (why they dont write eachother is still a mystery to me)

The changes should in-fact remain synced. Feel free to open a support ticket if you'd like us to take a closer look to see why that's not happening on your system.

Thank you.

 

[rarod]

Ok, so I reverted my exim config in both basic AND advanced (why they dont write eachother is still a mystery to me).

The same for me. does anyone know if this is the expected behaviour?

 

[cPanelMichael]

Hello,

I moved these posts to a separate thread as it relates to a different issue (changes made in the Exim Advanced Editor not syncing).

The same for me. does anyone know if this is the expected behaviour?

Could you verify the exact steps you are taking and the version of cPanel installed on your system so we can attempt to reproduce this behavior? Also, does the /etc/exim.conf.local file exist on the system?

Thank you.

 

[rarod]

I tried to reproduce this, now when I modify in basic the change is done in advanced too.

 

[nosajix]

I apologize, I don't seem to be receiving forum notifications.

The problem may be getting deeper as I now am having trouble accepting emails from some places and getting :
[(SSL_accept) error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol] on some incoming messages.

 

[cPanelMichael]

The problem may be getting deeper as I now am having trouble accepting emails from some places and getting :
[(SSL_accept) error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol] on some incoming messages.

Hello,

That can happen if the client attempting to send the email isn't using a supported protocol. The topic is discussed on the following thread:

TLS error on connection issue

Thank you.

 

[nosajix]

cPanelMichael - thanks for your input but this is a fairly common mailer that is triggering this, is it really likely that Expedia is sending emails with this insecure protocol?

 

[cPanelMichael]

thanks for your input but this is a fairly common mailer that is triggering this, is it really likely that Expedia is sending emails with this insecure protocol?

Could you open a support ticket using the link in my signature so we can take a closer look?

Thank you.

 

[nosajix]

Im gonna hold off on the support ticket because the server company is working on it atm. I temporarily removed the +no_ssl2 flag from the exim config and the messages are now coming in. a bandaid I know but it just doesnt seem right.