4
TLS Negotiation failed
Problem reported by Scott Wilson - 10/18/2021 at 9:41 AM
Submitted
I'm getting this error from Gmail when trying to send mail to my instance of SmarterMail:

TLS Negotiation failed: FAILED_PRECONDITION: starttls error (71): 22306758296904:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:third_party/openssl/boringssl/src/ssl/tls_record.cc:242: 

I also get this error when I run my domain through a test service:Cannot convert to SSL (reason: SSL connect attempt failed error:1408F10B:SSL routines:ssl3_get_record:wrong version number) 

Any idea how to fix this?

16 Replies

Reply to Thread
0
Kyle Kerst Replied
Employee Post
Hey there Scott! This error looks to be a mismatch between the supported SSL/TLS versions on this client/server and your SmarterMail environment. What I typically recommend here is downloading and installing IISCrypto from Nartac Software. Once installed on the server, open it up and press the Best Practices button, then apply and save the changes before rebooting the server. This will configure Windows (and SmarterMail) to use only the supported versions of SSL/TLS and should bring it current with the sending environment. 

Please note however, that these changes can lead to older email clients and mobile devices running into similar errors when attempting to connect, so this is something you'll want to keep an eye out for. Please let me know if that helps. Have a good one!
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scott Wilson Replied
Doesn't seem to make any difference. What I don't get is why would it start malfunctioning like this all of the sudden when before everything had been working fine.
0
Kyle Kerst Replied
Employee Post
I'm sorry to hear that Scott. Is it possible there were security changes on the underlying network itself? I've seen similar issues when AV or Firewall products proxy the SMTP session in order to scan it. Hopefully others can offer some guidance on this one too.
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scott Wilson Replied
No changes like that have been made. Nothing particularly interesting about the firewall the server is behind, just a ordinary Netgear and Windows Firewall on the server itself is turned off.
0
Kyle Kerst Replied
Employee Post
Hey there Scott, and sorry for the delay on this. Something that might help here is determining exactly what cipher suites are supported on the client and server side. I found a guide that includes a script to do so here:


Additionally, you can use the SSL Website Tester I've linked below (be sure to choose the option to exclude your results from their dashboard) which will allow you to compare the supported/unsupported protocols and versions for both environments as well:


Let me know what you find out! :-)
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Tony Scholz Replied
Employee Post
Hello, 

To add to what Kyle said you can use WireShark to find out what cipher is being suggested.


Thank you
Tony Scholz
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scott Wilson Replied
Okay I ran the following in OpenSSL and this is what it output:

openssl s_client -connect mydomain.com:25 -tls1_2

CONNECTED(000001A0)
64D00000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl\record\ssl3_record.c:355:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 210 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1634687859
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

Here's the output from the SSL tester:

Certificate #1: RSA 2048 bits (SHA256withRSA)
Server Key and Certificate #1

Subjectmail.example.com
Fingerprint SHA256: 72e50bf23a851df5650d889e9ecb543ffff6285a765a6154d5b204b7facff89c
Pin SHA256: A3NsqgAD5rrLG6PhuwF3QAKYxe6CRHwzLkX/+3wn9YA=
Common namesmail.example.com
Alternative names
Serial Number033d9dc3c494c0b7ac19eb7b8a436cd0da31
Valid fromFri, 01 Oct 2021 13:59:12 UTC
Valid untilThu, 30 Dec 2021 13:59:11 UTC (expires in 2 months and 10 days)
KeyRSA 2048 bits (e 65537)
Weak key (Debian)No
IssuerR3
AIA: http://r3.i.lencr.org/
Signature algorithmSHA256withRSA
Extended ValidationNo
Certificate TransparencyYes (certificate)
OCSP Must StapleNo
Revocation informationOCSP
OCSP: http://r3.o.lencr.org
Revocation statusGood (not revoked)
DNS CAANo (more info)
TrustedYes
Mozilla  Apple  Android  Java  Windows 

Additional Certificates (if supplied)

Certificates provided2 (2687 bytes)
Chain issuesNone
#2
SubjectR3
Fingerprint SHA256: 67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd
Pin SHA256: jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=
Valid untilMon, 15 Sep 2025 16:00:00 UTC (expires in 3 years and 10 months)
KeyRSA 2048 bits (e 65537)
IssuerISRG Root X1
Signature algorithmSHA256withRSA

Certification Paths

Click here to expand

Configuration
Protocols
TLS 1.3No
TLS 1.2Yes
TLS 1.1Yes
TLS 1.0Yes
SSL 3No
SSL 2No

Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK128
# TLS 1.1 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK128
# TLS 1.0 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK128

Handshake Simulation
Android 2.3.7   No SNI 2Server closed connection
Android 4.0.4RSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Android 4.1.1RSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Android 4.2.2RSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Android 4.3RSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Android 4.4.2RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp521r1  FS
Android 5.0.0RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Android 6.0RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Android 7.0RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Android 8.0RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Android 8.1RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Android 9.0RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Baidu Jan 2015RSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
BingPreview Jan 2015RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Chrome 49 / XP SP3RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Chrome 69 / Win 7  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Chrome 70 / Win 10RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Chrome 80 / Win 10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
Firefox 31.3.0 ESR / Win 7RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Firefox 47 / Win 7  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Firefox 49 / XP SP3RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Firefox 62 / Win 7  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Firefox 73 / Win 10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Googlebot Feb 2018RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
IE 7 / VistaRSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
IE 8 / XP   No FS 1   No SNI 2Server closed connection
IE 8-10 / Win 7  RRSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
IE 11 / Win 7  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
IE 11 / Win 8.1  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
IE 10 / Win Phone 8.0RSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp384r1  FS
IE 11 / Win Phone 8.1  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   ECDH secp384r1  FS
IE 11 / Win Phone 8.1 Update  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
IE 11 / Win 10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Edge 15 / Win 10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Edge 16 / Win 10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Edge 18 / Win 10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Edge 13 / Win Phone 10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
Java 6u45   No SNI 2Server closed connection
Java 7u25RSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA   ECDH secp521r1  FS
Java 8u161RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Java 11.0.3RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Java 12.0.1RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
OpenSSL 0.9.8yRSA 2048 (SHA256)  TLS 1.0TLS_RSA_WITH_AES_256_CBC_SHA  No FS
OpenSSL 1.0.1l  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
OpenSSL 1.0.2s  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
OpenSSL 1.1.0k  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
OpenSSL 1.1.1c  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 5.1.9 / OS X 10.6.8RSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Safari 6 / iOS 6.0.1RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 6.0.4 / OS X 10.8.4  RRSA 2048 (SHA256)  TLS 1.0TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA   ECDH secp521r1  FS
Safari 7 / iOS 7.1  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 7 / OS X 10.9  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 8 / iOS 8.4  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 8 / OS X 10.10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 9 / iOS 9  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 9 / OS X 10.11  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 10 / iOS 10  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 10 / OS X 10.12  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 12.1.2 / MacOS 10.14.6 Beta  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Safari 12.1.1 / iOS 12.3.1  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Apple ATS 9 / iOS 9  RRSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
Yahoo Slurp Jan 2015RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp384r1  FS
YandexBot Jan 2015RSA 2048 (SHA256)  TLS 1.2TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   ECDH secp521r1  FS
# Not simulated clients (Protocol mismatch)
IE 6 / XP   No FS 1   No SNI 2Protocol mismatch (not simulated)

(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
DROWNNo, server keys and hostname not seen elsewhere with SSLv2
(1) For a better understanding of this test, please read this longer explanation
(2) Key usage data kindly provided by the Censys network search engine; original DROWN website here
(3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete
Secure RenegotiationSupported
Secure Client-Initiated RenegotiationNo
Insecure Client-Initiated RenegotiationNo
BEAST attackNot mitigated server-side (more info)   TLS 1.0: 0xc014
POODLE (SSLv3)No, SSL 3 not supported (more info)
POODLE (TLS)No (more info)
Zombie POODLENo (more info)   TLS 1.2 : 0xc027
GOLDENDOODLENo (more info)   TLS 1.2 : 0xc027
OpenSSL 0-LengthNo (more info)   TLS 1.2 : 0xc027
Sleeping POODLENo (more info)   TLS 1.2 : 0xc027
Downgrade attack preventionNo, TLS_FALLBACK_SCSV not supported (more info)
SSL/TLS compressionNo
RC4No
Heartbeat (extension)No
Heartbleed (vulnerability)No (more info)
Ticketbleed (vulnerability)No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)No (more info)
OpenSSL Padding Oracle vuln.
(CVE-2016-2107)
No (more info)
ROBOT (vulnerability)No (more info)
Forward SecrecyWith modern browsers (more info)
ALPNNo
NPNNo
Session resumption (caching)Yes
Session resumption (tickets)No
OCSP staplingNo
Strict Transport Security (HSTS)No
HSTS PreloadingNot in: Chrome  Edge  Firefox  IE 
Public Key Pinning (HPKP)No (more info)
Public Key Pinning Report-OnlyNo
Public Key Pinning (Static)No (more info)
Long handshake intoleranceNo
TLS extension intoleranceNo
TLS version intoleranceNo
Incorrect SNI alertsNo
Uses common DH primesNo, DHE suites not supported
DH public server param (Ys) reuseNo, DHE suites not supported
ECDH public server param reuseYes
Supported Named Groupssecp521r1, secp384r1, secp256r1 (server preferred order)
SSL 2 handshake compatibilityNo

HTTP Requests
1 https://mail.example.com/  (HTTP/1.1 302 Found)

Miscellaneous
Test dateTue, 19 Oct 2021 23:59:12 UTC
Test duration97.258 seconds
HTTP status code200
HTTP server signature-
Server hostnamemail.example.com
0
Scott Wilson Replied
So what I don't understand is why would an email provider like Gmail even care if there was a problem with a SSL3 when I thought that was outdated and is not being used any longer.
0
Kyle Kerst Replied
Employee Post
@Scott - I think this report is showing you supporting TLS 1.0/1.1 as well but I can't see the pass/fail in the screenshot. Can you confirm? The error message itself is mentioning SSL, but I'm betting they're complaining about the TLS version more specifically. A lot of these types of errors tend to get lumped in under "SSL" though the protocol may vary. 

Edit: I figured out I can scroll over in your reply! Doh! You are supporting TLS 1.0/1.1, so thats likely what Google is complaining about. You can try running the Best Practices button on IISCrypto (https://www.nartac.com/Products/IISCrypto), saving the changes, then rebooting the Windows server environment before testing again and that should do the trick. If that doesn't work theres something else going on with the certificate or the network is passing back the wrong versions (firewall or proxy.)
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scott Wilson Replied
So why would Google care if I also support TLS 1.0/1.1 in addition to 1.2 just as long as I support 1.2? 
0
Kyle Kerst Replied
Employee Post
That's a great question Scott. The only thing I can think of is that for some reason your server (or the underlying network) is setting the upper limit at 1.0 or 1.1, so Google never see's the 1.2. 
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scott Wilson Replied
Oh man this sucks, I have nothing to go on to solve this. I just get the feeling it's a problem with these Let's Encrypt certificates.
0
Scott Wilson Replied
So if you're saying the underlying network is preventing TLS 1.2 why would the test tool see it and not Google? Could a bad Comcast Business modem cause something like this? Literally nothing has changed on my server or any of my network hardware. This is becoming a real problem since I can't get all of my mail along with a few other domains I manage for other people for almost a week now.
0
Kyle Kerst Replied
Employee Post
@Scott - It isn't preventing TLS 1.2, but is offering TLS 1.0 and 1.1 and I think this is what Google is complaining about. Ideally if you could submit a ticket on this I'd be happy to dig into it for you!
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Linda Pagillo Replied
Hey Scott. I'm very familiar with LetsEncrypt and SmarterMail. If you would like to shoot me an email directly, I will see what I can do to help you and then post the answer here if successful :)

Hi Kyle! Not trying to step on toes. Just trying to lend a hand if I can :) I have many deployments of SM and LE and have had a few issues which I was able to successfully solve.

Thanks!
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Kyle Kerst Replied
Employee Post
You're good Linda! I appreciate the help :-)
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread