Exim Advanced Editor configuration changes not synced

nosajix

Well-Known Member
Jul 30, 2005
65
3
158
I too am getting the error
Code:
TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
-> It happens when I try to connect using the mail program that comes with 2 separate Samsung devices, an S8 and a Galaxy Tab A running Android 7 with current updates.

Now here's the funny part, I attempted the above-mentioned changes:

Options for OpenSSL: +no_sslv2
SSL/TLS Cipher Suite List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

It seemed I had to change them both in the basic editor AND the advanced editor (changes didn't translate over) but STILL I get the same error.

I even tried to select the scary "Allow weak SSL/TLS ciphers" in the basic mode - couldn't find anything in the advanced. Still - same error and I am trying to tell my clients their modern devices from Google and Samsung are inferior. It's just not working out...

Centos 7.4 cpv 68.0.28
 

nosajix

*FIX*

Ok, so I reverted my exim config in both basic AND advanced (why they don't write each other is still a mystery to me) BUT I replaced the cipher list in my "mailserver configuration" (Home » Service Configuration » Mailserver Configuration) with this list:
Code:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
and voila connection made - no error 1408A0C1.

I'm having a beer now. Please let me know if I just opened up my servers to the Ruskie election hackers.
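As an added example (not part of the original post and not cPanel tooling), this Python script parses the cipher list posted above and reports which suites lack forward secrecy, use CBC mode, or rely on an HMAC-SHA1 MAC. It assumes explicit OpenSSL suite names as in that list, not aliases such as HIGH; the function names are illustrative.

```python
# Added example. POSTED is the cipher list exactly as it appears in the post above.
POSTED = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:"
    "DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:"
    "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS"
)

def classify(suite):
    """Classify one explicit OpenSSL suite name by its dash-separated parts."""
    parts = suite.split("-")
    # OpenSSL names omit the key-exchange prefix for static RSA (e.g. AES128-SHA).
    kx = parts[0] if parts[0] in ("ECDHE", "DHE") else "RSA"
    aead = "GCM" in parts or "CHACHA20" in parts
    return {
        "suite": suite,
        "forward_secrecy": kx != "RSA",
        "aead": aead,                    # in this list, non-AEAD means AES-CBC + HMAC
        "sha1_mac": parts[-1] == "SHA",  # a trailing -SHA means HMAC-SHA1
    }

def audit(cipher_string):
    """Split a cipher string into classified suites and operator tokens (!, -, +)."""
    suites, operators = [], []
    for token in filter(None, (t.strip() for t in cipher_string.split(":"))):
        (operators if token[0] in "!-+" else suites).append(token)
    return [classify(s) for s in suites], operators

def report(cipher_string):
    suites, operators = audit(cipher_string)
    names = lambda pred: [s["suite"] for s in suites if pred(s)]
    return {
        "total": len(suites),
        "no_forward_secrecy": names(lambda s: not s["forward_secrecy"]),
        "cbc": names(lambda s: not s["aead"]),
        "sha1_mac": names(lambda s: s["sha1_mac"]),
        "fs_and_aead": names(lambda s: s["forward_secrecy"] and s["aead"]),
        "operators": operators,
    }

if __name__ == "__main__":
    print(report(POSTED))
```

The six static-RSA suites at the end of the list are the ones without forward secrecy; whether they can be dropped depends on which older clients still have to connect.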

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
> Ok, so I reverted my exim config in both basic AND advanced (why they don't write each other is still a mystery to me)
The changes should in fact remain synced. Feel free to open a support ticket if you'd like us to take a closer look to see why that's not happening on your system.

Thank you.
 

cPanelMichael

Hello,

I moved these posts to a separate thread as it relates to a different issue (changes made in the Exim Advanced Editor not syncing).

> The same for me. does anyone know if this is the expected behaviour?
Could you verify the exact steps you are taking and the version of cPanel installed on your system so we can attempt to reproduce this behavior? Also, does the /etc/exim.conf.local file exist on the system?

Thank you.
 

nosajix

I apologize, I don't seem to be receiving forum notifications.

The problem may be getting deeper as I now am having trouble accepting emails from some places and getting:
[(SSL_accept) error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol] on some incoming messages.
 

cPanelMichael

> The problem may be getting deeper as I now am having trouble accepting emails from some places and getting:
> [(SSL_accept) error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol] on some incoming messages.
Hello,

That can happen if the client attempting to send the email isn't using a supported protocol. The topic is discussed on the following thread:

TLS error on connection issue

Thank you.
 

nosajix

cPanelMichael - thanks for your input but this is a fairly common mailer that is triggering this, is it really likely that Expedia is sending emails with this insecure protocol?
 

cPanelMichael

> thanks for your input but this is a fairly common mailer that is triggering this, is it really likely that Expedia is sending emails with this insecure protocol?
Could you open a support ticket using the link in my signature so we can take a closer look?

Thank you.
 

nosajix

I'm gonna hold off on the support ticket because the server company is working on it atm. I temporarily removed the +no_sslv2 flag from the exim config and the messages are now coming in. A bandaid I know but it just doesn't seem right.