TLS error on connection

Operating System & Version
CENTOS 6.10 kvm
cPanel & WHM Version
84.0.21

jamataran

cPanel Access Level
Root Administrator
Hi!

I'm having trouble with my WHM's exim.

When some clients try to send using SMTP over 465 they get TimeOut errors.
My log says:

2020-02-22 18:28:54 SMTP connection from [###.###.###.###]:50825 (TCP/IP connection count = 1)
2020-02-22 18:28:59 TLS error on connection from  [###.###.###.###]:50825 (SSL_accept): error:00000000:lib(0):func(0):reason(0)
I'm a newbie in WHM administration and I need some help. Can anyone help me?
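
Log lines like the two quoted in the post above can be paired by peer address and port to see which clients fail and how long each handshake waited before Exim logged the error. This is an added example, not part of the original post or of cPanel's tooling; the sample log is constructed (documentation-range addresses, and the `no shared cipher` line does not come from this thread), and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the log lines quoted in the post;
# the addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
2020-02-22 18:28:54 SMTP connection from [192.0.2.10]:50825 (TCP/IP connection count = 1)
2020-02-22 18:28:59 TLS error on connection from  [192.0.2.10]:50825 (SSL_accept): error:00000000:lib(0):func(0):reason(0)
2020-02-22 18:30:01 SMTP connection from [198.51.100.7]:41200 (TCP/IP connection count = 1)
2020-02-22 18:30:01 TLS error on connection from [198.51.100.7]:41200 (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
2020-02-22 18:31:10 SMTP connection from [192.0.2.10]:50901 (TCP/IP connection count = 1)
2020-02-22 18:31:15 TLS error on connection from  [192.0.2.10]:50901 (SSL_accept): error:00000000:lib(0):func(0):reason(0)
"""

PEER = r"from .*?\[([^\]]+)\]:(\d+)"   # optional hostname, then [ip]:port
CONNECT = re.compile(r"^(\S+ \S+) SMTP connection " + PEER)
TLS_ERR = re.compile(r"^(\S+ \S+) TLS error on connection " + PEER + r" \((\w+)\): (.*)$")
# String form of OpenSSL error code 0: no error was queued for the failed call.
EMPTY_QUEUE = "error:00000000:lib(0):func(0):reason(0)"

def _ts(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")

def summarize_tls_errors(log_text):
    """Pair each TLS error with its connection line; group delays by (ip, error)."""
    opened = {}                   # (ip, port) -> time the connection was accepted
    groups = defaultdict(list)    # (ip, error) -> seconds from connect to failure
    for line in log_text.splitlines():
        m = CONNECT.match(line)
        if m:
            opened[(m.group(2), m.group(3))] = _ts(m.group(1))
            continue
        m = TLS_ERR.match(line)
        if m:
            when, ip, port, _call, err = m.groups()
            start = opened.pop((ip, port), None)
            delay = (_ts(when) - start).total_seconds() if start else None
            groups[(ip, err)].append(delay)
    return dict(groups)

def stalled_handshakes(groups, min_delay=3):
    """IPs whose handshake failed with an empty error queue after >= min_delay s."""
    return sorted({ip for (ip, err), delays in groups.items()
                   if err == EMPTY_QUEUE
                   and any(d is not None and d >= min_delay for d in delays)})

if __name__ == "__main__":
    for (ip, err), delays in summarize_tls_errors(SAMPLE_LOG).items():
        print(ip, delays, err)
```

Grouping by error string separates handshakes that end with an explicit OpenSSL reason from those that end with nothing queued after several seconds, which is the pattern in the quoted log.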
 

keat63

cPanel Access Level
Root Administrator
Are these Apple devices by any chance?
I encountered something similar after a recent server migration on a number of Apple devices.
I never fully got to the bottom of what the problem was. It was only after changing the ciphers that I got the Apple devices to work.

Worth a try with these settings, however, please copy your current settings before changing.

In Exim Config, under security

Change 'Options for OpenSSL' to:

+no_sslv2 +no_sslv3

and

Change SSL/TLS Cipher Suite List to:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

I make no guarantees that these will work for you or that they won't have other implications, however, they worked for me.
Just remember to copy and paste your current settings to notepad etc before you start.
 

cPanelLauren

Product Owner
Staff member
> When some clients try to send using SMTP over 465 they get TimeOut errors.

You may also try using TLS over 587 - in a lot of devices it is assumed that 465 is an SSL connection only, and modern OpenSSL options do not include SSL protocols, only TLS v1.2 and v1.3.