alessandrob
New Contributor

STARTTLS=server, error: accept failed=0, reason=bad signature, SSL_error=1, errno=0, retry

I have a Fml 200 c as mail server for a domain. For the past few days, a lot of mail incoming from Google accounts has been failing with this error:

STARTTLS=server, error: accept failed=0, reason=bad signature, SSL_error=1, errno=0, retry

In the access control rules I've put an explicit one that matches protected destination *@mydomain.com, reverse DNS pattern *.Google.com and a TLS profile (tried two profiles: TLS preferred and TLS required).

But no way to solve it.

Any idea?

Bromont_FTNT
Staff

Is it a 100C or 200D? If 200D, make sure you have the latest firmware installed. Also, is the firewall doing TLS inspection?

alessandrob

It's a 200D. I've discovered that the problem is caused by SSL inspection enabled on the fgt50D in front. If I disable SSL inspection, the problem disappears.

I updated the fgt firmware from 541 to 542 a few days ago and I suppose this is the cause, because before this it was working fine. I've opened a ticket for both fgt and fml but no answer at the moment.
