How to disable old SSL protocols and enable TLS 1.1 and TLS 1.2 to receive messages from Gmail servers over a secure connection.


SYMPTOMS

When sending from Gmail to MailEnable, a bounce is generated, and the bounce includes the error information:

TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error


Final-Recipient: rfc822; test@example.com
Action: delayed
Status: 4.7.0
Remote-MTA: dns; mail.example.com. (0.0.0.0, the server for the
domain example.com.)
Diagnostic-Code: smtp; TLS Negotiation failed: generic::failed_precondition: starttls error (0): protocol error
Last-Attempt-Date: Tue, 17 Jul 2018 22:40:23 -0700 (PDT)
Will-Retry-Until: Thu, 19 Jul 2018 22:31:42 -0700 (PDT)

CAUSE

When the MailEnable SMTP service has STARTTLS enabled, you need to ensure that the old SSL protocols are disabled and that TLS 1.1 and TLS 1.2 are enabled within Windows. Gmail and other services will fail to send if TLS 1.2 is not available.

DETAIL

TLS 1.1 and TLS 1.2 are only available for Windows Server 2008 and later. Older revisions of Windows Server do not support these protocols and require updating Windows Server.

Please follow the steps in the following Microsoft guide and locate the section to disable SSL 3.0. After disabling SSL 3.0, locate the sections to add the registry keys for TLS 1.1 and TLS 1.2.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)#BKMK_SchannelTR_TLS12
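
The registry changes described above, as an added PowerShell example (not code from MailEnable or from the Microsoft guide): it reports the Schannel `Server` protocol keys and, when run with the hypothetical `-Apply` switch, writes them. Including SSL 2.0 is an assumption based on "old SSL protocols" in the CAUSE section; run it from an elevated prompt and restart Windows afterwards so Schannel picks up the change.

```powershell
# Added example: audit (default) or set (-Apply) the Schannel server-side protocol keys.
# The -Apply switch name is hypothetical; the registry paths and value names are the
# standard Schannel ones covered by the Microsoft guide linked above.
param([switch]$Apply)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state for inbound connections (the "Server" subkey covers SMTP STARTTLS):
# legacy SSL off, TLS 1.1 and TLS 1.2 on. SSL 2.0 is included as an assumption.
$desired = [ordered]@{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.1' = $true
    'TLS 1.2' = $true
}

foreach ($proto in $desired.Keys) {
    $key               = Join-Path $base "$proto\Server"
    $enabled           = [int]$desired[$proto]          # 1 = enabled, 0 = disabled
    $disabledByDefault = [int](-not $desired[$proto])   # inverse of Enabled

    if ($Apply) {
        # Create the protocol key if it does not exist, then write both DWORD values.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -Value $enabled `
            -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value $disabledByDefault `
            -PropertyType DWord -Force | Out-Null
    }

    # Report what is in the registry now; a missing key or value means the
    # operating system default for that protocol applies.
    $current = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Protocol          = $proto
        WantEnabled       = $enabled
        Enabled           = if ($current -and $null -ne $current.Enabled) {
                                $current.Enabled } else { '(OS default)' }
        DisabledByDefault = if ($current -and $null -ne $current.DisabledByDefault) {
                                $current.DisabledByDefault } else { '(OS default)' }
    }
}
```

Run it once without `-Apply` to record the existing values before changing anything, so the previous state can be restored if another application on the server depends on an older protocol.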



Product: MailEnable (All Versions)
Article: ME020694
Module: General
Keywords: SSL, TLS, 1.1, 1.2, Gmail
Class: HOWTO: Product Instructions
Revised: Monday, July 23, 2018
Author:
Publisher: MailEnable