Fixing SSL routines error SSL23_GET_CLIENT_HELLO:unknown protocol

If PHP scripts running under an old version of the language fail to connect to SMTP server under Directadmin, and in logs can you see lines containing "TLS error on connection from hostname":

2020-02-20 00:30:02 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 00:33:01 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 00:50:53 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 00:55:09 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 02:22:12 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 03:24:59 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

here is a possible fix.

Enabling TLSv1.0 and TLSv1.1 in Exim

For this run as root:

touch /etc/exim.variables.conf.custom
echo 'openssl_options = +no_sslv2 +no_sslv3' >> /etc/exim.variables.conf.custom
echo 'tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS' >> /etc/exim.variables.conf.custom

cd /usr/local/directadmin/custombuild/
./build update
./build exim_conf

Please note TLSv1.0 and TLSv1.1 are considered to be deprecated and insecure. And if enabling them is the only possible solution for you, then you do it only on your own risk.

 

Still unable to fix the issue? Very Simple, contact Support to resolve it for you.

 

MangoXchange Webhosting Service

Was this article helpful?

mood_bad Dislike 0
mood Like 9
visibility Views: 616