The Community Forums

SOLVED TLS error log flooding

Discussion in 'E-mail Discussion' started by Mise, Dec 1, 2017.

  1. Mise

    Today the server is flooded with new TLS errors, and many customers are unable to send emails:

    /var/log/exim_mainlog :
    Code:
    2017-12-01 22:20:34 [11213] TLS error on connection from [x.x.x.x]:51484 I=[x.x.x.x.x]:465 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    2017-12-01 22:20:34 [11213] TLS client disconnected cleanly (rejected our certificate?)
    
    Now some customers are able to send messages while others are not.

    No change has been made and Exim options are at their defaults. I wonder if some recent cPanel update to TLS or Exim ciphers can be the cause of this serious problem.

    Please, can somebody from the cPanel staff explain how to solve this problem, or how to restore the previous situation? Ticket support shows a warning that it's very busy.
    This is very urgent!!!

    Thanks!
     
  2. Mise

    Solved by myself.
    As I suspected, the latest cPanel update was the cause. Many people have mail software which is not recent and they are connecting with TLS 1.

    Solved by changing the ciphers with:
    Code:
    tls_require_ciphers = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    and TLS options:
    openssl_options = +no_sslv2 +no_sslv3
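
A way to triage the kind of log flood shown in this thread, added here as an example (not code from the thread or from cPanel): it groups the `TLS error on connection` lines of `/var/log/exim_mainlog` by listener port and OpenSSL reason, so you can see which clients fail the handshake and why. The sample lines are constructed in the format quoted in the first post; the IP addresses, the hostname and the `no shared cipher` line are assumptions.

```python
import re
from collections import Counter, defaultdict

# Matches the exim_mainlog "TLS error" line format quoted in the first post.
# The PID field, a hostname before the client address and the I= field are optional.
TLS_ERR = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:\[\d+\] )?"
    r"TLS error on connection from (?:.*?)\[(?P<client>[^\]]+)\](?::\d+)?"
    r"(?: I=\[[^\]]+\]:(?P<port>\d+))?"
    r" \((?P<call>[^)]+)\): (?P<detail>.*)$"
)
# OpenSSL error strings have the form error:<code>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(r"error:[0-9A-Fa-f]+:[^:]*:[^:]*:(?P<reason>.+)$")

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
2017-12-01 22:20:34 [11213] TLS error on connection from [192.0.2.10]:51484 I=[198.51.100.5]:465 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2017-12-01 22:20:34 [11213] TLS client disconnected cleanly (rejected our certificate?)
2017-12-01 22:21:02 [11240] TLS error on connection from mail.example.org [192.0.2.11]:40022 I=[198.51.100.5]:465 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2017-12-01 22:21:40 [11302] TLS error on connection from [192.0.2.10]:51500 I=[198.51.100.5]:465 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2017-12-01 22:22:15 [11350] TLS error on connection from [192.0.2.12]:33810 I=[198.51.100.5]:587 (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
""".splitlines()


def summarize(lines):
    """Group TLS handshake failures by (listener port, OpenSSL reason)."""
    counts = Counter()
    clients = defaultdict(set)
    for line in lines:
        m = TLS_ERR.match(line.strip())
        if not m:
            continue  # some other log line, e.g. "TLS client disconnected cleanly"
        err = OPENSSL_ERR.search(m["detail"])
        # Fall back to the raw detail text if it is not an OpenSSL error string.
        reason = err["reason"].strip() if err else m["detail"].strip()
        key = (m["port"] or "?", reason)
        counts[key] += 1
        clients[key].add(m["client"])
    return counts, clients


if __name__ == "__main__":
    counts, clients = summarize(SAMPLE_LOG)
    for (port, reason), n in counts.most_common():
        ips = ", ".join(sorted(clients[(port, reason)]))
        print(f"port {port}: {n} x {reason!r} from {ips}")
```

To run it against a live server, pass the open log file to `summarize()` in place of `SAMPLE_LOG`.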
     
  3. cPanelMichael
