DirectAdmin Knowledge Base and Support

DirectAdmin is a web panel for a simple administration of both virtual and dedicated servers. DirectAdmin is faster, safe and more powerful than any other CP. And we know how to customize and support it.

Fixing SSL routines error SSL23_GET_CLIENT_HELLO:unknown protocol

| 02:33:46 20.02.2020

If PHP scripts running under an old version of the language fail to connect to SMTP server under Directadmin, and in logs can you see lines containing "TLS error on connection from hostname":

2020-02-20 00:30:02 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 00:33:01 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 00:50:53 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 00:55:09 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 02:22:12 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020-02-20 03:24:59 TLS error on connection from localhost (www.poralix.com) [127.0.0.1] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

here is a possible fix.

Enabling TLSv1.0 and TLSv1.1 in Exim

For this run as root:

touch /etc/exim.variables.conf.custom
echo 'openssl_options = +no_sslv2 +no_sslv3' >> /etc/exim.variables.conf.custom
echo 'tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS' >> /etc/exim.variables.conf.custom
cd /usr/local/directadmin/custombuild/ ./build update ./build exim_conf

Please note TLSv1.0 and TLSv1.1 are considered to be deprecated and insecure. And if enabling them is the only possible solution for you, then you do it only on your own risk.

That's it.

About Us
We are a team of professionals, and specialize in installation, configuring and managing of remote virtual and dedicated servers powered by Linux/Unix-like OS with DirectAdmin. We support various sets of software, including web-servers Apache, Nginx; internet domain name servers Bind, PowerDNS; mail-servers with POP3, IMAP and SMTP, FTP-servers, etc. After years of working through the most complex server challenges our team has gathered valuable experience and universal solutions suitable for everyday tasks. We are here to lend you a helping hand and take care of your servers in order to let you have enough time to do more of what you love.




All of the information and data on this site is for informational purposes only and is provided for the convenience of the user.
Powered by: Amiro.CMS - Free edition