Exim Advanced Editor configuration changes not synced

I too am getting the error

Code:

TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

-> it happens when I try to connect using the mail program that comes with 2 seperate samsung devices, a s8 and a Galaxy Tab A running Android 7 with current updates.

Now heres the funny part, I attempted the above mentioned changes:

Options for OpenSSL: +no_sslv2
SSL/TLS Cipher Suite List: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

It seemed I had to change them both in the basic editor AND the advanced editor (changes didnt translate over) but STILL i get the same error.

I even tried to select the scary "Allow weak SSL/TLS ciphers" in the basic mode - couldnt find anything in the advanced. Still - same error and I am trying to tell my clients their modern devices from Google and Samsung are inferior. Its just not working out...

Centos 7.4 cpv 68.0.28

 

*FIX*

Ok, so I reverted my exim config in both basic AND advanced (why they dont write eachother is still a mystery to me) BUT I replaced the Cipher list in my "mailserver configuration" (Home »Service Configuration »Mailserver Configuration) with this list:

Code:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

and voila connection made - no error 1408A0C1.

I'm having a beer now. Please let me know if I just opened up my servers to the Ruskie election hackers.
.

 

I apologize, I don't seem to be receiving forum notifications.

The problem may be getting deeper as I now am having trouble accepting emails from some places and getting :
[(SSL_accept) error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol] on some incoming messages.

 

cPanelMichael - thanks for your input but this is a fairly common mailer that is triggering this, is it really likely that Expedia is sending emails with this insecure protocol?

 

Im gonna hold off on the support ticket because the server company is working on it atm. I temporarily removed the +no_ssl2 flag from the exim config and the messages are now coming in. a bandaid I know but it just doesnt seem right.