Your server does not support the connection encryption type

webtipster

Well-Known Member
Aug 27, 2016
55
8
58
Atlanta, GA
cPanel Access Level
Website Owner
For some weird reason Outlook 2010 is reporting error 0x800CCC1A "Your server does not support the connection encryption type you have specified".

Incoming port: 995
Checked: This server requires an encrypted connection (SSL)
Outgoing port: 465 / SSL

SSL is enabled on the server and plaintext is disabled.

I am able to send normally but cannot receive only from 2 computers, others are working fine. One is Outlook 2010 and the other is Outlook 2016. Tried Thunderbird and it works fine, it's just the Outlook.

Any ideas anyone?

Thanks in advance.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

Do you notice any specific output in /var/log/maillog or /var/log/exim_mainlog when this happens? Does it make a difference if you switch from "mail.domain.tld" to "domain.tld" as the mail server name in the email client configuration settings?

Thank you.
 

webtipster

Well-Known Member
Aug 27, 2016
55
8
58
Atlanta, GA
cPanel Access Level
Website Owner
Hi @cPanelMichael,

Thanks for your reply!

That's what's strange, did not see anything specific in any output. Tried switching from mail.domain to domain.tld and tried using server hostname, all with the same error. But what is strange is that this is only happening on the 2 computers that were already setup using POP3 accounts and when you try to update the ports to 995 with SSL it gives that error. But on the same computers, if I run thunderbird and install the email it works fine, only the Outlook with pre-existing email setup has the issue.

So I'm sure it's Outlook related error so I just enabled plaintext login for Exim as a work-around :).
 

ar.ripon

Member
Nov 26, 2017
14
2
3
Dhaka, Bangladesh
cPanel Access Level
Root Administrator
I have same issue as my cpanel version is 68.0.16. ssl working for thunderbird as well mobile mail client. But outlook is not support ssl as well as tls (995,465). Though 26 and 110 port is working on all outlook. im using domain.org for ssl and mail.domain.org for non-ssl.
Outlook shows below error:
login onto incoming mail server(pop3) : your server dows not support the connection encryption type you have specified.Try change encryption method.

The operation times out waiting for a response from the sending(SMTP) server.
 

osirion

Well-Known Member
Jan 16, 2007
54
4
158
I'm having the same issue. From what I can tell this is an Outlook issue. Some kind of SSL cache? I tried the 'clear ssl state' option in 'internet options' under 'content' tab - worked for some clients, not for others.
Same clients can access via webmail and other devices (phones / pc's) - so definitely a local issue.
Sometimes re-issuing the certificate appears to help, but not always.

Im going out my mind for the remaining clients that none of the above seem to work.
 

lorio

Well-Known Member
Feb 25, 2004
313
22
168
cPanel Access Level
Root Administrator

efuzone

Well-Known Member
Mar 17, 2011
81
1
58
cPanel Access Level
Root Administrator
Hello,

I have the same issue.. my cpanel version is latest one "v68.0.21" My customers with old outlook not able to send emails. They selected SSL and port 465.

My settings are:

+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 default

I changed it to:

+no_sslv2

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

But i think there are many security risks. I have also disabled: Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server.

Please provide me something better to add there which is secure and work for all outlook users.
 
Last edited by a moderator:

lorio

Well-Known Member
Feb 25, 2004
313
22
168
cPanel Access Level
Root Administrator
Please provide me something better to add there which is secure and work for all outlook users.
Your old outlook customers are currently able to send emails? With the settings you state in your post? Since you're disabled "
Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server.
it might be possible that no encryption is used at all. Depends on the the client settings in Outlook as well. But you might check the exim logs to be sure that encryption is used at all.

I'm not aware of a 100% working solution for the older combos like Outlook 2003 and XP. In my test setup (with Outlook 2003 and XP) I was able to send emails from time to time. Very strange behavior. After 10-100 tries the email was accepted by Exim 4.89_1 with this cipher (TLSv1:DES-CBC3-SHA:168). Looks like Exim and Outlook need a lot of tries to get a successful handshake.

Educating customers is a minefield. But tweaking ciphers is a temporary solution. Your customers need to move to a working Outlook/OS combo. Or recommend Thunderbird if possible.