Mail Client Configuration - SSL

ImperialTrader

Well-Known Member
Aug 31, 2014
65
8
8
Egypt
cPanel Access Level
Root Administrator
Hi guys..
One of my clients is having SSL for his website but when he tried to setup the mail client on outlook, he found that (Secure SSL/TLS Settings) was not working and he could only use (Non-SSL Settings).
Check this screenshot: Screenshot
 

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
741
135
168
32
New Jersey
www.bigscoots.com
cPanel Access Level
DataCenter Provider
Is it an older mail client / OS? There is a valid SSL on saferider.org so should work fine.

Are you using the default SSL options for exim/dovecot in WHM?

You might need to loosen up the default options a bit for those still running older OS / mail clients:

Would check out this thread: SOLVED - [CPANEL-28089] Dovecot TLS configuration reset upon update
 

ImperialTrader

Well-Known Member
Aug 31, 2014
65
8
8
Egypt
cPanel Access Level
Root Administrator
Is it an older mail client / OS? There is a valid SSL on saferider.org so should work fine.

Are you using the default SSL options for exim/dovecot in WHM?

You might need to loosen up the default options a bit for those still running older OS / mail clients:

Would check out this thread: SOLVED - [CPANEL-28089] Dovecot TLS configuration reset upon update
You are correct, I'm using older mail client & older OS.
As mentioned at your thread, the client should install a patch to his OS and I should also do some changes at my WHM.
I can do the changes at my WHM, but it's not easy to ask all my clients to install this patch to their OS :)
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,090
559
263
Houston
cPanel Access Level
DataCenter Provider
So one option in this instance is to modify the security configuration on the server to allow older ciphers and SSLv2/3 but keep in mind that when you do this you also lower the security of your server by allowing older and insecure protocols.
 

ImperialTrader

Well-Known Member
Aug 31, 2014
65
8
8
Egypt
cPanel Access Level
Root Administrator

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,090
559
263
Houston
cPanel Access Level
DataCenter Provider
In that specific instance, they are allowing TLSv1.0 which is vulnerable - POODLE, Heartbleed, and BEAST being among the named exploits associated with it, some of which also affect SSLv 3.0. Allowing this protocol can leave you susceptible to these which would severely lessen security. o

The standard as of right now is TLSv1.2 and while I understand it's difficult to get your clients to utilize newer mail clients, you must balance the safety/security of your server and the other clients present with the desire for ease of use. Ultimately this is your decision, I do just want to make sure you're aware of the security risks.
 
  • Like
Reactions: ImperialTrader