SSL_Accept Error

T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
Hey everyone,
Getting an SMTP error with a MFP copier which will not send scanned documents via e-mail. We have 5 of these machines, and all do the same thing.
Here is the error in the exim_mainlog:
SSL verify error: certificate name mismatch: DN="/OU=Domain Control Validated/OU=COMODO SSL Wildcard
TLS error on connection from [xxx.xxx.xxx.xxx]:45879 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

I have updated the MFP to the latest firmware, and that didn't help. I have tried a few different 'options for openssl' and 'ssl/tls cipher suite list' changes in the exim configuration manager with no luck. Any help would be great! Thanks
 
andrew.n

andrew.n

Well-Known Member
Jun 9, 2020
606
171
43
EU
cPanel Access Level
Root Administrator
Your printer is still using obsolete SSL protocols hence you are seeing the issue. I suggest to get in touch with their support to see how you can enable TLS support on the printer itself rather than allowing these vulnerably protocols on the server itself.
 
T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
Unfortunately they are DELL printers, and they are no longer supported as they no longer make printers. I tried to reach out to Lexmark as they actually made them for DELL, but they want no part of it. I did try to update the firmware to the latest Lexmark firmware which actually didn't give me any errors, but still uses outdated TLS protocols.
 
andrew.n

andrew.n

Well-Known Member
Jun 9, 2020
606
171
43
EU
cPanel Access Level
Root Administrator
Here are the options from where you can adjust the protocols:

How to Adjust Cipher Protocols | cPanel & WHM Documentation

This document lists the interfaces in cPanel & WHM in which you can adjust OpenSSL's protocols and cipher stacks for those services.
docs.cpanel.net docs.cpanel.net

The important is that you should allow SSLv2 SSLv3 ones. If you see this !SSLv2 !SSLv3 then they are disabled. This is strongly not advised though as they are very vulnerable.
 
T

Ted Curvin

Member
Jan 15, 2019
6
1
3
Canada
cPanel Access Level
Root Administrator
I do realize it is a risk, but I have 4 of these scanners that currently aren't working and people depend on them. I tried the above articles' solutions but still gives an error:
dropped: too many syntax or protocol errors
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S WHM and Cpanel is giving 500 internal server error as someone hacked Security 1
S Auto SSL Wing Error Security 1
B PHP error messages leaking server username Security 2
A AutoSSL certificate renew fail, pki-validation error 406 - file not acceptable Security 9
R ClamAV update error from cron Security 1
Similar threads
WHM and Cpanel is giving 500 internal server error as someone hacked
Auto SSL Wing Error
PHP error messages leaking server username
AutoSSL certificate renew fail, pki-validation error 406 - file not acceptable
ClamAV update error from cron
Top Bottom