Back to Community Threads
Clarify which SSL/TLS protocol (and maybe which cypher) is causing a security negociation failure error
Idea shared by Ionel Aurelian Rau - 12/19/2018 at 5:05 AM
Under Consideration
Hello!

At this moment in SM 17, Build 6925, when there is an exception negotiating the TLS session, this is the error message: 

[2018.12.19] 12:55:53.756 [REDACTED IP][32767278] cmd: STARTTLS
[2018.12.19] 12:55:53.756 [REDACTED IP][32767278] rsp: 220 Start TLS negotiation
[2018.12.19] 12:55:53.772 [REDACTED IP][37909520] rsp: 554 Security failure
[2018.12.19] 12:55:53.772 [REDACTED IP][37909520] Exception negotiating TLS session: The secure connection has failed due to an unsupported protocol such as TLS 1.0 or SSL 3.0. A call to SSPI failed, see inner exception..
[2018.12.19] 12:55:53.772 [REDACTED IP][37909520] disconnected at 12/19/2018 12:55:53 PM
It would be useful to know which of those cause the exception: TLS 1.0? SSL 3.0? How about if TLS 1.1 was used (the minimum which we accept), but with an unsupported cipher - is the message exactly the same?

This error message seems to generic and it would be very useful to clarify it. Or if this information is already present somewhere, please let me know where to look.

Thank you!
Employee Replied
12/20/2018 at 5:13 PM
Employee Post
Thanks for reaching out, Ionel! I've forwarded this request to the development team. I'll send you any updates I hear. 
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
SmarterMail for Linux – SSL/TLS & Certificate ReferenceSmarterMail > Server Configuration and Management
TLS 1.0/1.1 Deprecation InformationGeneral Topics
Remote Server returned: '602' errorSmarterMail > Troubleshooting