SSL_Accept Error

T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
Hey everyone,
Getting an SMTP error with a MFP copier which will not send scanned documents via e-mail. We have 5 of these machines, and all do the same thing.
Here is the error in the exim_mainlog:
SSL verify error: certificate name mismatch: DN="/OU=Domain Control Validated/OU=COMODO SSL Wildcard
TLS error on connection from [xxx.xxx.xxx.xxx]:45879 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

I have updated the MFP to the latest firmware, and that didn't help. I have tried a few different 'options for openssl' and 'ssl/tls cipher suite list' changes in the exim configuration manager with no luck. Any help would be great! Thanks
 
andrew.n

andrew.n

Well-Known Member
Jun 9, 2020
328
70
28
EU
cPanel Access Level
Root Administrator
Your printer is still using obsolete SSL protocols hence you are seeing the issue. I suggest to get in touch with their support to see how you can enable TLS support on the printer itself rather than allowing these vulnerably protocols on the server itself.
 
T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
Unfortunately they are DELL printers, and they are no longer supported as they no longer make printers. I tried to reach out to Lexmark as they actually made them for DELL, but they want no part of it. I did try to update the firmware to the latest Lexmark firmware which actually didn't give me any errors, but still uses outdated TLS protocols.
 
andrew.n

andrew.n

Well-Known Member
Jun 9, 2020
328
70
28
EU
cPanel Access Level
Root Administrator
Here are the options from where you can adjust the protocols:

How to Adjust Cipher Protocols | cPanel & WHM Documentation

This document lists the interfaces in cPanel & WHM in which you can adjust OpenSSL's protocols and cipher stacks for those services.
docs.cpanel.net docs.cpanel.net

The important is that you should allow SSLv2 SSLv3 ones. If you see this !SSLv2 !SSLv3 then they are disabled. This is strongly not advised though as they are very vulnerable.
 
T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
I do realize it is a risk, but I have 4 of these scanners that currently aren't working and people depend on them. I tried the above articles' solutions but still gives an error:
dropped: too many syntax or protocol errors
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
nisamudeen97 Unable to sudo it shows error. Security 3
S [Error] Https redirect is not available because your server is not configured to support it Security 3
J mod_sec & apache error logs ssl:info entries Security 9
C error: rexec of /usr/sbin/sshd failed: No such file or directory Security 4
N SOLVED AutoSSL Error DNS does not mange Security 4
Similar threads
Unable to sudo it shows error.
[Error] Https redirect is not available because your server is not configured to support it
mod_sec & apache error logs ssl:info entries
error: rexec of /usr/sbin/sshd failed: No such file or directory
SOLVED AutoSSL Error DNS does not mange
Top Bottom