Symptoms
-
When connecting to a mail server over SSL via an email client (e.g. Outlook), connection fails:
Your server does not support the connection encryption type you have specified. Try changing the encryption method.
-
One of the following error messages appears in the
/var/log/mailloglogfile:postfix/smtpd[25460]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=203.0.113.2, lip=203.0.113.3, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Cause
TLSv1, SSLv3 or SSLv2 protocol support, which is required for old email clients/old software (e.g, WinHTTP-based applications on Windows 7) is disabled in Postfix/Dovecot configuration.
By default, SSL protocols SSLv2 and SSLv3 are disabled in Postfix/Dovecot configuration as these protocols are vulnerable to…
with