SSL Protocols and Issues Sending or Receiving Mail Print

  • 105

During any SSL connection process, there are usually "talks" between the client (your device/s) and the server (wherever you are connecting to) that try to determine the best SSL protocol to use. You may be familiar with these and may have seen them named as or referred to as TLS 1, TLS 1.1, TLS 1.2 and TLS 1.3. The client will typically attempt to communicate with the server using a specific protocol, and if the server supports this protocol, the connection can continue. New protocols are continuously being planned and designed in order to replace older protocols to make the Internet a much safer and secure system, and as a result, older and perhaps insecure protocols are made obsolete and support for them is discontinued.

If you are reading this KB article then a member of our support team may have linked you to here to advise you that you are experiencing a protocol issue or mismatch which is preventing you from connecting to your services. The most common cause of this is using an outdated e-mail client or Operating System that does not support newer SSL protocols, and is trying to use an old protocol that is no longer supported. In our experience this most commonly happens with the "Mail" application on Apple machines.

What exactly is happening and causing this?
As we mentioned above, as newer protocols are developed they essentially supersede older protocols because they are more secure. Software needs to be updated to support and be compatible with these newer protocols. If a software change or update on our servers decides that, for example, TLS 1.0 is no longer secure and TLS 1.1 should be used instead - then any connections that attempt to use TLS 1.0 may fail with an error message. In many cases, your client will attempt to automatically work out the best protocol to use and handle this for you automatically. Unfortunately, in some cases, such as using much older software - these newer protocols may not yet be supported or compatible.

So how can I fix this problem?
Much of the software that we run on our servers is updated automatically. cPanel and WHM, for example, are typically responsible for deciding which SSL protocols are supported and used for each services - and their automatic software updates can change this with time. Usually protocols are only revoked many years after a newer protocol is released, which gives time for the software providers to ensure that this will not cause a problem. We are, however, seeing an increase in Mac OS users who have not updated their Operating Systems becoming affected by out of date protocol usage.

Unfortunately, in these instances, the main solution we suggest is that customers update to the latest version of their Operating System and then ensure that all of their subsequent software is up to date. This will ensure that they are compatible with the latest protocols, and this should solve the connection issues.

If you are using the Mail application and are not able to update your Operating System for some reason, we recommend looking into an alternative mail client such as Thunderbird - which will handle its own SSL protocols independant of your Operating System.

Was this answer helpful?

« Back