Mailing List Message #105852
From: Tom Rymes <>
Subject: Re: HEADS UP: If you're queueing to Office365 domains (was Re: Error: none of client TLS cipher methods is supported)
Date: Wed, 28 Oct 2015 10:20:19 -0400
To: CommuniGate Pro Discussions <>
On 10/27/2015 12:38 PM, Bill Cole wrote:
> On 17 Sep 2015, at 11:45, Tom Rymes wrote:
>
>> Can anyone indicate to me why one would NOT enable the "CBC Ciphers for Old TLS" setting?
>
> Well, as I discovered yesterday, you might switch that off if you want to mysteriously deliver nothing to domains hosted by Microsoft.
>
> There is definitely a CGP flaw here. Current OpenSSL will negotiate TLS 1.2,ECDHE_AES256_SHA384 with the * machines, but the garbage TLS library CGP is using needs a non-standard config to get TLSv1.0,ECDHE_AES256_SHA and without that setting just gets tossed out during negotiation. As far as I can tell from the 2014-2015 logs of a handful of test and production instances running 6.x versions, CGP never bothers trying to use TLSv1.1 or TLSv1.2 for SMTP client sessions.

Bill: Are you saying that you run into problems when you have the option enabled, disabled, or no matter what you do?
