Unable to connect to cPanel mail server via an email client: TLS handshaking: SSL_accept() failed

When connecting to a mail server over SSL via an email client (e.g. Outlook), connection fails with the following message:

Your server does not support the connection encryption type you have specified. Try changing the encryption method.

and in /var/log/maillog logfile one of the following error messages appear:

postfix/smtpd[25460]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=, lip=, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

The message is pretty self-explanatory: the email client is trying to initiate a connection via older and unsafe protocol. In WHM you can set the minimum SSL & TLS version to allow, by default on cPanel , SSL protocols SSLv2 and SSLv3 are disabled in Postfix/Dovecot configuration as these protocols are vulnerable to the POODLE attack.

So you have two options:

Either enable older unsafe TLSv1.1/v1.2, SSLv2/v3 protocol in Exim > Advanced Editor or use a newer email clients that support connections over newer SSL&TLS verions.

Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.