SSL_Accept Error

T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
Hey everyone,
Getting an SMTP error with a MFP copier which will not send scanned documents via e-mail. We have 5 of these machines, and all do the same thing.
Here is the error in the exim_mainlog:
SSL verify error: certificate name mismatch: DN="/OU=Domain Control Validated/OU=COMODO SSL Wildcard
TLS error on connection from [xxx.xxx.xxx.xxx]:45879 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

I have updated the MFP to the latest firmware, and that didn't help. I have tried a few different 'options for openssl' and 'ssl/tls cipher suite list' changes in the exim configuration manager with no luck. Any help would be great! Thanks
 
andrew.n

andrew.n

Well-Known Member
Jun 9, 2020
519
138
43
EU
cPanel Access Level
Root Administrator
Your printer is still using obsolete SSL protocols hence you are seeing the issue. I suggest to get in touch with their support to see how you can enable TLS support on the printer itself rather than allowing these vulnerably protocols on the server itself.
 
T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
Unfortunately they are DELL printers, and they are no longer supported as they no longer make printers. I tried to reach out to Lexmark as they actually made them for DELL, but they want no part of it. I did try to update the firmware to the latest Lexmark firmware which actually didn't give me any errors, but still uses outdated TLS protocols.
 
andrew.n

andrew.n

Well-Known Member
Jun 9, 2020
519
138
43
EU
cPanel Access Level
Root Administrator
Here are the options from where you can adjust the protocols:

How to Adjust Cipher Protocols | cPanel & WHM Documentation

This document lists the interfaces in cPanel & WHM in which you can adjust OpenSSL's protocols and cipher stacks for those services.
docs.cpanel.net docs.cpanel.net

The important is that you should allow SSLv2 SSLv3 ones. If you see this !SSLv2 !SSLv3 then they are disabled. This is strongly not advised though as they are very vulnerable.
 
T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
I do realize it is a risk, but I have 4 of these scanners that currently aren't working and people depend on them. I tried the above articles' solutions but still gives an error:
dropped: too many syntax or protocol errors
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
R ClamAV update error from cron Security 1
S WHM 2 FA autentication not working without any error Security 1
A SOLVED Error: Convert the “id_rsa” key to PPK format Security 13
S JSON/SSL ERROR Security 3
H ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. Security 2
Similar threads
ClamAV update error from cron
WHM 2 FA autentication not working without any error
SOLVED Error: Convert the “id_rsa” key to PPK format
JSON/SSL ERROR
ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
Top Bottom