Troubleshooting Tip: How to troubleshoot error failed TLS handshake due to 'reason=unsupported protocol'
| Description | This article describes how to troubleshoot TLS handshake errors with the reason 'unsupported protocol'. |
| Scope | FortiMail. |
| Solution | When FortiMail relays email to other MTAs, the Mail Event log shows a TLS handshake error with the reason 'unsupported protocol'.
This issue occurs because the TLS version used by FortiMail is not supported by the other MTA. Make sure the other MTA supports the same TLS version that is enabled in FortiMail.
Run the command 'get system global' to check the ssl-versions enabled in FortiMail.
In the example output for this article, FortiMail had TLS versions 1.2 and 1.3 enabled. Make sure the other MTA supports these two TLS versions.
If the other MTA does not support TLS versions 1.2 and 1.3, run the command below to enable the specific TLS version in FortiMail that is supported by the other MTA. The following example enables TLS versions 1.1, 1.2, and 1.3 in FortiMail:
config system global
    set ssl-versions tls1_1 tls1_2 tls1_3
end
See the document 'Using the CLI' for more information. |
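To check which of the enabled TLS versions the other MTA actually accepts before changing ssl-versions, the following Python sketch probes its SMTP STARTTLS one version at a time. It is an added example, not code from the original article or from Fortinet; the function names and the host passed in are hypothetical.

```python
import smtplib
import ssl

# ssl-versions tokens from the FortiMail command above -> Python TLS constants.
TOKENS = {
    "tls1_1": ssl.TLSVersion.TLSv1_1,
    "tls1_2": ssl.TLSVersion.TLSv1_2,
    "tls1_3": ssl.TLSVersion.TLSv1_3,
}


def parse_ssl_versions(line):
    """Return the tokens from a 'set ssl-versions ...' line, in order."""
    words = line.split()
    if words[:2] != ["set", "ssl-versions"]:
        raise ValueError("not a 'set ssl-versions' line")
    unknown = [w for w in words[2:] if w not in TOKENS]
    if unknown:
        raise ValueError(f"unknown token(s): {unknown}")
    return words[2:]


def pinned_context(token):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic probe only: it tests protocol support, not certificate trust.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = TOKENS[token]
    ctx.maximum_version = TOKENS[token]
    return ctx


def probe(host, token, port=25, timeout=10):
    """True if the MTA completes STARTTLS when offered only this version."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            smtp.starttls(context=pinned_context(token))
            return True
    except (ssl.SSLError, smtplib.SMTPException, OSError):
        return False


def common_versions(host, fortimail_line, port=25):
    """Tokens enabled on FortiMail that the peer MTA also accepts."""
    return [t for t in parse_ssl_versions(fortimail_line) if probe(host, t, port)]
```

An empty result from `common_versions` matches the 'unsupported protocol' condition described above. A False for tls1_1 can also come from the probing host's own OpenSSL policy, and since TLS 1.1 is deprecated by RFC 8996, upgrading the other MTA is preferable to enabling it.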


