[BlueOnyx:19219] Re: SSL3_GET_CLIENT_HELLO:no shared cipher

Michael Stauber mstauber at blueonyx.it
Sat Feb 27 13:55:51 -05 2016


Hi Jim,

> I am seeing this error when I attempt to send a message via SMTP on my Windows phone.
> 
> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<NhnscbIs9gCsOCF/>

This has nothing to do with the SSL certificate, regardless of whether
you use a self-signed cert, a Let's Encrypt or other real SSL cert.

It indicates that the client tried to connect to SSL/TLS and entered a
state of negotiation to find out what protocols and ciphers are
supported by both client and server, so that they can then use the best
option that they both support.

However, the client and the server could not agree on a common cipher,
and that generated this error message.

Sometime last year (around spring/summer) we did some security hardening
on all BlueOnyx by default and locked down all relevant services to only
use the most secure protocols and ciphers.

See:

http://mail.blueonyx.it/pipermail/blueonyx/2015-June/035562.html

There were several updates related to this. Net result: We no longer
support SSLv3 on any service (neither POP3, IMAP nor SMTP). Instead we
require TLSv1.0 or better. On EL6 or EL7 based BlueOnyx that would be
TLSv1.2 with fallbacks to TLSv1.1 or TLSv1.0 at the worst.

Your error message indicates your email clients tried to connect via
SSLv3, which we no longer support. Please configure the clients to use
TLS instead.

-- 
With best regards

Michael Stauber
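
Added example, not part of the original post and not BlueOnyx code: a small log triage script that decodes the packed OpenSSL error code from the message above (`1408A0C1`) and counts "no shared cipher" handshake failures per remote IP, so an admin can see which clients still need reconfiguring after the hardening. The Dovecot-style `rip=` field, the IP addresses and all sample lines except the one quoted from the post are assumptions constructed for illustration.

```python
import re
from collections import Counter

# OpenSSL 1.0.x/1.1.x pack an error code as:
#   library (8 bits) | function (12 bits) | reason (12 bits)
ERR_LIB_SSL = 0x14             # "SSL routines"
SSL_R_NO_SHARED_CIPHER = 0xC1  # reason 193, "no shared cipher"

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")
RIP_RE = re.compile(r"\brip=([0-9A-Fa-f.:]+)")  # assumed Dovecot-style field


def decode(code_hex):
    """Split a packed OpenSSL error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def no_shared_cipher_clients(lines):
    """Count 'no shared cipher' handshake failures per remote IP."""
    hits = Counter()
    for line in lines:
        m = ERR_RE.search(line)
        if not m:
            continue
        lib, _func, reason = decode(m.group(1))
        if lib == ERR_LIB_SSL and reason == SSL_R_NO_SHARED_CIPHER:
            rip = RIP_RE.search(line)
            hits[rip.group(1) if rip else "unknown"] += 1
    return hits


# Constructed sample input; only the last line is quoted from the post.
SAMPLE = [
    "imap-login: Disconnected: rip=192.0.2.10, TLS handshaking: SSL_accept() failed: "
    "error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<constructed1>",
    "pop3-login: Disconnected: rip=192.0.2.10, TLS handshaking: SSL_accept() failed: "
    "error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<constructed2>",
    "imap-login: Disconnected: rip=198.51.100.7, TLS handshaking: SSL_accept() failed: "
    "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure, session=<constructed3>",
    "imap-login: Login: user=<constructed>, rip=198.51.100.7, TLS, session=<constructed4>",
    "error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<NhnscbIs9gCsOCF/>",
]

if __name__ == "__main__":
    for ip, count in no_shared_cipher_clients(SAMPLE).most_common():
        print(f"{ip}\t{count}")
```

Lines without a `rip=` field are grouped under `unknown`. OpenSSL 3.x uses a different error code layout, so the bit split in `decode` applies to the older format seen in this thread.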


