Alexander_Mueller
New Member
December 7, 2018
Question

FortiMail 200E and TLS issue


Hello,

I hope somebody can help me.

We have a FortiMail 200E with v6.0,build91,180524 (6.0.0 GA)

The problem is, we send email to a customer with a TLS profile, but we always get an error:

 

STARTTLS=client, error: connect failed=-1, reason=unsupported protocol, SSL_error=1, errno=0, retry=-1

 

to=<SipB@bkk-akademie.de>, delay=00:00:20, xdelay=00:00:20, mailer=esmtp, pri=40596, relay=mailtic.bkknet.de. [62.156.211.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.(Reason:403 4.7.0 TLS handshake.)

 

Under Policy -> Access Control -> Delivery

The domain is enabled with TLS profile "TLS Preferred".

 

I'm not really sure what the problem is, because with other Domains/Customers the TLS is working.

 

Best regards from Germany

    1 reply

    Alexander_Mueller
    New Member
    December 7, 2018

    OK, we updated the FortiMail to v6.0,build108,180731 (6.0.2 GA), but we have the same problem:

     

    STARTTLS=client, error: connect failed=-1, reason=unsupported protocol, SSL_error=1, errno=0, retry=-1

     

    to=SipB@bkk-akademie.de, delay=00:00:21, xdelay=00:00:21, mailer=esmtp, pri=0, relay=mailtic.bkknet.de. [62.156.211.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.(Reason:403 4.7.0 TLS handshake.)

    Bromont_FTNT
    Staff
    December 7, 2018

    Looks like mailtic2.bkknet.de only supports TLS 1.0; FortiMail 6 has TLS 1.0 disabled by default.

     

    You can enable TLS 1.0 via CLI:

     

    # config system global
    # set ssl-versions tls1_0 tls1_1 tls1_2
    # end

     

    emnoc
    New Member
    December 7, 2018

    Yes, I was going to say the same thing: check the supported TLS version and adjust as needed. With PCI June 2018 and various state and federal level agencies, they are disabling TLSv1 support, so TLS v1.1 or v1.2 at minimum.

     

     

    Ken Felix
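
Added example, not part of the thread and not FortiMail tooling: before re-enabling TLS 1.0 globally as suggested above, a scan of the mail log shows which relays actually fail the handshake with `reason=unsupported protocol`. The sample lines are constructed in the format quoted in the question, and pairing an error with the next delivery line is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines modeled on the log format quoted in this thread;
# hostnames, addresses and the "Sent" line are made up for the example.
SAMPLE_LOG = """\
STARTTLS=client, error: connect failed=-1, reason=unsupported protocol, SSL_error=1, errno=0, retry=-1
to=<a@partner.example>, delay=00:00:20, xdelay=00:00:20, mailer=esmtp, pri=40596, relay=mx1.partner.example. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
to=<b@other.example>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30210, relay=mx.other.example. [192.0.2.20], dsn=2.0.0, stat=Sent
STARTTLS=client, error: connect failed=-1, reason=unsupported protocol, SSL_error=1, errno=0, retry=-1
to=c@partner.example, delay=00:00:21, xdelay=00:00:21, mailer=esmtp, pri=0, relay=mx1.partner.example. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
"""

TLS_ERR = re.compile(r"STARTTLS=client, error:.*?reason=([^,]+)")
DELIVERY = re.compile(r"to=<?([^>,\s]+)>?,.*?relay=(\S+?)\.? \[([^\]]+)\], dsn=([\d.]+), stat=(\w+)")

def tls_failures_by_relay(log_text):
    """Count deferred deliveries per (relay, ip, reason) that directly follow
    a STARTTLS client error. Pairing by adjacency is an assumption: the lines
    quoted in the thread carry no session or queue ID to join on."""
    pending_reason = None
    failures = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue  # blank separator lines do not break the pairing
        err = TLS_ERR.search(line)
        if err:
            pending_reason = err.group(1).strip()
            continue
        d = DELIVERY.search(line)
        if d:
            _, relay, ip, dsn, stat = d.groups()
            if pending_reason and stat == "Deferred" and dsn.startswith("4."):
                failures[(relay, ip, pending_reason)] += 1
        pending_reason = None  # an error only pairs with the very next line
    return failures

if __name__ == "__main__":
    for (relay, ip, reason), n in tls_failures_by_relay(SAMPLE_LOG).items():
        print(f"{relay} [{ip}]: {n} deferred, reason={reason}")
```

A short list of relays in the output scopes the decision: the remote operator can be asked to support TLS 1.1 or 1.2 instead of the older protocol being re-enabled for every destination.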