Mailing List CGatePro@mail.stalker.com Message #106229
From: Christoph Roethlisberger <christoph.roethlisberger@iway.ch>
Subject: Re: SMTP incoming SSL problems
Date: Tue, 25 Oct 2016 15:24:03 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Hi

You most likely need to enable "CBC Ciphers for old TLS" in that case.
This is also required to communicate with the GMail servers for example, as otherwise there seems to be no compatible ciphers between CGPro and GMail.

regards
Christoph Roethlisberger

---------------------------------------------------------
iway AG
christoph.roethlisberger@iway.ch -:- http://www.iway.ch
---------------------------------------------------------


Tuesday, October 25, 2016, 3:17:47 PM, you wrote:

> Hi,

> I have the same problem on an installation with CGP 6.1.6.

> "Accept SSLv2 'hello'" is already enabled!

> I raised logging of TLS to max and got the following lines:

> 15:04:50.090 4 SMTPI-593379([46.14.xx.xx]:59235) [192.168.xx.xx]:25 <- [46.14.xx.xx]:59235 incoming connection(mydomain.dom)
> 15:05:17.092 5 SMTPI-593379([46.14.xx.xx]:59235) out: 220 mydomain.dom ESMTP CommuniGate Pro 6.1.6\r\n
> 15:05:17.112 5 SMTPI-593379([46.14.xx.xx]:59235) inp: EHLO mail.yourdomain.dom
> 15:05:17.166 5 SMTPI-593379(mail.yourdomain.dom) out: 250-mydomain.dom is pleased to meet you\r\n250-DSN\r\n250-SIZE 31457280\r\n250-STARTTLS\r\n250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n
> 15:05:17.191 5 SMTPI-593379(mail.yourdomain.dom) inp: STARTTLS
> 15:05:17.191 5 SMTPI-593379(mail.yourdomain.dom) out: 220 please start a TLS connection\r\n
> 15:05:17.211 5 SMTPI-593379 TLS inp(157): 16 03 01 00 98 01 00 00 94 03 01 25 36 4E BE 2F B4 5E 90 07 A8 96 50 B6 3E F7 C1 98 6F 01 23 4B E3 FF 4E 96 C2 EA 78 79 FD 14 B8 00 00 26 C0 14 C0 0A C0 0F C0 05 00 39 C0 13 C0 09 C0 0E C0 04 00 33 C0 12 C0 08 C0 0D C0 03 00 16 00 35 00 2F 00 0A 00 FF 01 00
> 15:05:17.211 4 SMTPI-593379 TLSvX h-inp (148): client_hello
> 15:05:17.211 5 SMTPI-593379 unknown TLS client extension 0xF (1)
> 15:05:17.411 5 SMTPI-593379 TLS out<21> (2): 02 2F
> 15:05:17.411 5 SMTPI-593379 handshaker released
> 15:05:17.411 3 SMTPI-593379(mail.yourdomain.dom) failed to accept a secure connection for DOMAIN(mydomain.dom). Error Code=none of client TLS cipher methods is supported
> 15:05:17.411 5 SMTPI-593379 TLS out<21> (2): 02 0A
> 15:05:17.411 5 SMTPI-593379 TLS released
> 15:05:17.411 4 SMTPI-593379(mail.yourdomain.dom) closing connection
> 15:05:17.411 4 SMTPI-593379(mail.yourdomain.dom) releasing stream


> What else to enable / disable?


> Marcel


> +---
> mailto:mhochuli@a-f.ch
> otherto:noway@a-f.ch
> _______________________________________



>> Am 25.04.2016 um 16:20 schrieb Technical Support <support@stalker.com>:

>> Hello,

>> On 2016-04-21 21:34, Kurt Albershardt wrote:
>>> I'm getting these in the logs from a couple of providers and can't find
>>> any references to the string online:

>>> ....failed to accept a secure connection for DOMAIN(nv.net). Error
>>> Code=SSLv2 hello is not supported

>> For this one enable "Accept SSLv2 'hello'" in WebAdmin -> Settings -> General -> Other -> TLS Sessions.

>> --
>> Best regards,
>> Dmitry Akindinov

>> =======================================================================
>> When answering to letters sent to you by the tech.support staff, make
>> sure the original message you have received is included into your
>> reply.

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster