Mail service is down: Invalid TLS protocol list

Created:

2016-11-16 12:42:32 UTC

Modified:

2017-08-08 13:29:56 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Mail service is down: Invalid TLS protocol list

Applicable to:

  • Plesk 12.5 for Linux

Symptoms

Mail server is not accessible. maillog file contain the following:

Nov 23 21:20:50 plesk67 postfix/smtpd[291948]: warning: Invalid TLS protocol list "TLSv1 TLSv1.1 TLSv1.2": disabling TLS support
Nov 23 20:31:10 plesk67 dovecot: pop3-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'TLSv1.1'

Cause

Old OpenSSL version installed not supported TLS v1.1+

Resolution

It can be resolved by one of following:

  • upgrade openssl package to version having TLS v1.1 supported

Or

  • Put the following lines in your configuration file, or modify existing: in `/etc/dovecot/conf.d/11-plesk-security-ssl.conf``

    ssl_protocols = !SSLv2 !SSLv3
  • in /etc/postfix/main.cf

    smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
    smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
    smtpd_tls_protocols=!SSLv2,!SSLv3
    smtp_tls_protocols=!SSLv2,!SSLv3
Have more questions? Submit a request
Please sign in to leave a comment.