Upgrade SSL Security on Email

we inform you, for users under windows 10, especially outlook users with using the None of the authentication method cannot be used. Therefore, please update your windows orvyour outlook to the latest version.


Here's a reference we can provide:


Requirements:

In cPanel Version 68, we introduced a new SSL cipher to improve mail server security; this enables TLS 1.2 and disables older SSL protocols, such as TLS 1.0. You can read more about this in our blog post here: TLS Changes in Version 68


While cPanel makes every effort to ensure our products are as secure as possible, this means older operating systems and email clients will be affected.


Description


This issue usually occurs when using Windows 7, Outlook 2007 & 2010, or older email clients that do not support newer versions of TLS. For example, For Microsoft Windows 7, Microsoft released to enable the newer protocols, TLS 1.1 and TLS 1.2. You can read more information on our blog here: Enabling TLS 1.1 and 1.2 in Windows 7


Please note this is not a flaw or issue with cPanel, but an incompatibility with outdated client software. Updating client software to support TLS 1.2 will help maintain overall security.


Solution:


There are two options to help solve the problem you are currently facing. Please note that Option 1 is the recommended solution.


Options 1: (RECOMMENDED)


To enable TLS 1.2 for Windows 7, you need to patch your system to modify the registry. Make sure your system is fully updated via the update center, then download and install from the Microsoft website here: Enable TLS 1.1 and 1.2 as the default secure protocol.


Once installed, be sure to reboot your local computer to ensure it has taken effect. Once your system is back online, try connecting to the cPanel server again.


Options 2: (NOT RECOMMENDED)



If you need to enable TLS 1.0 on your WHM/cPanel server for compatibility, do the following in WHM >> Home >> Service Configuration >> Exim Configuration Manager >> Basic Settings:


   1. Ensure that "Allow weak SSL/TLS passwords" is "On".


   2. Change "SSL/TLS Cipher Suite List" to (this is one long line):



      ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHARSA AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA-AES1 ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-SHA256: RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS




   3. Change the "Options for OpenSSL" to the following:




      +no_sslv2 +no_sslv3




   4. Click "Save" at the bottom of the page.




These changes will enable TLS 1.0, 1.1, and 1.2 and should provide compatibility with legacy mail servers and clients that only support TLS 1.0.




To make this change for Dovecot, go to WHM >> Home >> Service Configuration >> Mail Server Configuration, and do the following:




   1. Change "SSL Cipher List" to this (in one long line):


ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHARSA AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA-AES1 ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-SHA256: RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS


    


   2. Change "SSL Minimum Protocol" to this:




    TLS1




Once you have made these changes to the server or you have fully updated your Windows system, Windows should be able to connect to the server again.




References : https://support.cpanel.net/hc/en-us/articles/360052791394-Outlook-TLS-error-None-of-the-authentication-methods-supported-by-this-client-are-supported-by-your-server-




This is the information that we can convey




Thank you

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.