Symptoms
-
Old mail client such as Outlook 2007 is not able to send a mail via SSL/TLS.
-
The log file
/var/log/maillog
contains one of the following error messages from Postfix or Courier:courier-imaps: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
postfix/smtpd[17918]: warning: TLS library problem: 21146:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:postfix/smtpd: warning: TLS library problem: 7346:error:1408F10B:SSL routlines: SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1387
Cause
SSLv3 support was disabled.
Note: SSLv3 was removed from the core crypto libraries since RHEL 8. See the official documentation for details.
Resolution
Apply on of the following alternatives:
-
Upgrade Outlook version.
-
Connect to the server using SSH and enable backward compatibility with old mail clients:
-
Set
TLS_PROTOCOL=SSL23
in/etc/courier-imap/pop3d-ssl
and/etc/courier-imap/imapd-ssl
.Note: SSL23 will enable all SSL/TLS protocols.
-
Edit
/etc/postfix/main.cf
and set the following:smtp_tls_security_level = may
tls_medium_cipherlist = MEDIUM:!aNULL:!MD5 -
Reload both Postfix and Courier services:
# service postfix reload && service courier reload
-