Old mail clients not able to use SSL/TLS connection

Created:

2016-11-16 12:53:16 UTC

Modified:

2017-08-16 15:56:32 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Old mail clients not able to use SSL/TLS connection

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk Onyx for Linux

Symptoms

Old mail client such as Outlook 2007 is not able to send a mail via SSL/TLS.

/var/log/maillog contains the following error message from Postfix and Courier:

CONFIG_TEXT: courier-imaps: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
postfix/smtpd[17918]: warning: TLS library problem: 21146:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:

or

CONFIG_TEXT: postfix/smtpd: warning: TLS library problem: 7346:error:1408F10B:SSL routlines: SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1387

Cause

SSLv3 support was disabled.

Resolution

Connect to the server using SSH and enable backward compatibility with old mail clients:

  1. Set TLS_PROTOCOL=SSL23 in /etc/courier-imap/pop3d-ssl and /etc/courier-imap/imapd-ssl .

    Note . SSL23 will enable all SSL/TLS protocols.

  2. Edit /etc/postfix/main.cf and set the following:

    smtp_tls_security_level = maytls_medium_cipherlist = MEDIUM:!aNULL:!MD5

  3. Reload both Postfix and Courier services:

    # service postfix reload && service courier reload

Have more questions? Submit a request
Please sign in to leave a comment.