(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

A lot of Web Hosting providers only allow newer versions of TLS ciphers to be used, so only will be available:

+no_sslv2 +no_sslv3

This is good security practice and should be followed on every cPanel setup. But if you have clients that use older versions of Outlook that use tlsv1/1.1 this will cause an error when they try to connect to email accounts:

SSL Connection has failed.


exim_mainlog:2022-09-09 18:02:10 SMTP connection from []:51785 (TCP/IP connection count = 2)
exim_mainlog:2022-09-09 18:02:10 TLS error on connection from 10-020-030-040.pcx3.com (PCx3) []:51785 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
exim_mainlog:2022-09-09 18:02:10 SMTP connection from 10-020-030-040.pcx3.com (PCx3) []:51785 closed by EOF


The recommended solution is for the end-user to update its email client, but if this is not an option, you can enable the use of the older TLS ciphers on cPanel from: WHM > Service Configuration > Exim Configuration Manager > Advanced Editor

image 20 1024x654 - (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Bear in mind that this is a server-wide setting and will affect all cPanel users.

Possible options:

  • all
  • allow_unsafe_legacy_renegotiation
  • cipher_server_preference
  • dont_insert_empty_fragments
  • ephemeral_rsa
  • legacy_server_connect
  • microsoft_big_sslv3_buffer
  • microsoft_sess_id_bug
  • msie_sslv2_rsa_padding
  • netscape_challenge_bug
  • netscape_reuse_cipher_change_bug
  • no_compression
  • no_session_resumption_on_renegotiation
  • no_sslv2
  • no_sslv3
  • no_ticket
  • no_tlsv1
  • no_tlsv1_1
  • no_tlsv1_2
  • single_dh_use
  • single_ecdh_use
  • ssleay_080_client_dh_bug
  • sslref2_reuse_cert_type_bug
  • tls_block_padding_bug
  • tls_d5_bug
  • tls_rollback_bug

Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.