SSL_accept error - Cipher insufficiently secure?

cipandales · June 23, 2021, 9:36pm

Hi,

I have some issues with configuring clients (Outlook - smtp server cannot be configured - SSL_accept error) with our Virtualmin server.
I added the following lines to main.cf to disable the insecure TLS/SSL versions (is this correct, should I add other configuration?):
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, TLSv1.2
smtpd_tls_protocols= !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, TLSv1.2
smtpd_tls_mandatory_ciphers = high

Testing https://en.internet.nl/ shows that the Cipher is EDH-RSA-DES-CBC3-SHA.

Can you please let me know how to change the ciphers to the most secure ones (where is the configuration file where the ciphers are declared/defined)?

Thank you

CentOS
7

cipandales · June 24, 2021, 11:04pm

Hi,

Any help here?

Thanks

cipandales · July 1, 2021, 4:07am

Please help,
Thanks

cipandales · July 7, 2021, 1:45am

Can you please help?

cipandales · August 6, 2021, 4:46pm

Can you please help?

creeble · August 11, 2021, 11:50pm

Are you sure Outlook isn’t complaining about the certificate name matching the host name?

Try:

openssl s_client -starttls smtp -connect your.server.com:587 -tls1

from a terminal somewhere and see if it connects. If it doesn’t (but it does when you set the last parm to -tls1_2), then the problem ain’t the protocol.

system · October 10, 2021, 11:51pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.