• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved Postfix Warning: SSL alert number 40

lordnikkon

lordnikkon

New Pleskian
Hello,

I detect the following warning in the maillog. Not sure what it means:

Code: 
postfix/smtp[7211]: 137D4B9B50: Cannot start TLS: handshake failure
postfix/smtp[7211]: SSL_connect error to xxx.xxx.de[xx.x.x.xx]:25: -1
postfix/smtp[7211]: warning: TLS library problem: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40:

Any Ideas?
 
Have you configured custom cypher list in /etc/postfix/main.cf ? Try to set default.
 
No, I haven't configured anything. This is how it looks like:

Code: 
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
smtpd_tls_mandatory_protocols = TLSv1.2
smtpd_tls_protocols = TLSv1.2
 
lordnikkon said:
tls_medium_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
Click to expand...

On my test Plesk server I see:

tls_medium_cipherlist = EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH

Try it.
 
You must log in or register to reply here.

Similar threads

I
Resolved Error with certificate on Thunderbird
Replies
18
Views
12K
marvin
marvin
U
Question Postfix TLS issue
Replies
5
Views
2K
Kaspar
K
S
Resolved ssl3_read_bytes:sslv3 alert certificate expired
Replies
5
Views
24K
Ickov
I
M
Resolved Help request: SSL certificate seems to have trust issues. How to resolve?
Replies
4
Views
652
MHC_1
M
S
Question error trying to configure amazon ses in lightsail plesk
Replies
0
Views
2K
salvazuleta
S
Back
Top