Secure Connection has failed...
Problem reported by Cris Mead - Yesterday at 9:48 AM
Submitted
Hello everyone, I've been getting a problem that seems to be happening more and more. Here are 2 examples:
  • [2025.03.03] 06:24:04.567 [....][30991313] Exception negotiating TLS session: The secure connection has failed due to an unsupported protocol such as TLS 1.0 or SSL 3.0. Authentication failed, see inner exception.
  • [2025.05.01] 18:41:27.923 [....][37827913] Exception negotiating TLS session: The secure connection has failed due to an unsupported protocol such as TLS 1.0 or SSL 3.0. Authentication failed, see inner exception..

We (receiving) have all TLS 1.3 as highest, and 1.2 is available on our side. Their (sending) end seems to be using 1.2 as highest.

We are not getting the emails.

1 Reply

Douglas Foster Replied
Encryption involves protocol (TLS version), initial key exchange method, cipher suite for use after key exchange, and MAC algorithm to verify packet integrity. Outbound, SM also requires a verifiable certificate. So the problem can be a mismatch on those other options. Sorry, but for inbound traffic, I am at a loss how to detect what setting created the problem.

We still receive TLS 1 traffic from important sources, so we allow weak TLS inbound, and we have not locked down those other settings aggressively. Admittedly, that leaves all senders more vulnerable to a man-in-the-middle attack, but what else to do? In theory, a sender could detect and correct for encryption setup failures by switching to plaintext, but I have no confidence that senders will do so. More likely, they will just keep trying and repeating the failure. Hence, I take what they offer.

Outbound, we use a gateway that enforces TLS and valid certificates, but can redirect to secure web relay for destinations that do not meet our requirements.
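
Added example, not part of the thread or of SmarterMail: one way to see which negotiation parameter fails for an inbound sender is to capture the sender's ClientHello on the receiving server and compare what it offers with the server's policy. The function names, the sample bytes and the server policy passed in are constructed for illustration, and the cipher suite comparison is a simplification that ignores which suites belong to which TLS version.

```python
# Added example. Version code points: 0x0301 TLS 1.0, 0x0302 TLS 1.1,
# 0x0303 TLS 1.2, 0x0304 TLS 1.3. All names and sample bytes are constructed.

def parse_client_hello(record: bytes) -> dict:
    """Extract offered versions and cipher suites from one ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    def u16s(raw: bytes) -> list:
        return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw) - 1, 2)]
    legacy = int.from_bytes(take(2), "big")    # legacy_version: client maximum
    take(32)                                   # random
    take(take(1)[0])                           # session_id
    suites = u16s(take(int.from_bytes(take(2), "big")))
    take(take(1)[0])                           # compression methods
    versions, explicit = [legacy], False
    if pos < len(body):                        # extensions are optional
        end = pos + int.from_bytes(take(2), "big")
        while pos < end:
            ext_type = int.from_bytes(take(2), "big")
            data = take(int.from_bytes(take(2), "big"))
            if ext_type == 43 and data:        # supported_versions extension
                versions, explicit = u16s(data[1:1 + data[0]]), True
    return {"versions": versions, "explicit": explicit, "suites": suites}

def diagnose(record: bytes, server_versions: set, server_suites: set) -> str:
    """Say which negotiation parameter has no overlap with the server policy."""
    hello = parse_client_hello(record)
    if hello["explicit"]:
        common = set(hello["versions"]) & server_versions
    else:  # without the extension the server may pick anything up to the maximum
        common = {v for v in server_versions if v <= hello["versions"][0]}
    if not common:
        return "no shared protocol version"
    if not set(hello["suites"]) & server_suites:
        return "no shared cipher suite"
    return "negotiable at 0x%04x" % max(common)

# Constructed sample: a TLS 1.2 ClientHello offering only two RSA/CBC suites.
BODY = bytes.fromhex("0303") + bytes(32) + bytes.fromhex("00" "0004002f0035" "0100")
SAMPLE = (b"\x16\x03\x01" + (len(BODY) + 4).to_bytes(2, "big")
          + b"\x01" + len(BODY).to_bytes(3, "big") + BODY)
```

With the constructed sample, a server that accepts TLS 1.2 and 1.3 but only ECDHE/GCM suites shares a protocol version with the sender and still has no shared cipher suite, which is the kind of mismatch on "those other options" described in the reply.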
