Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1877
Views
0
Helpful
5
Replies

TLS failed. Reason: Unknown Error

Andrei88
Level 1
Level 1

‎02-04-2023 01:27 AM

Hi guys,

Can you help me with this problem with inbound mails. From certain domains i get this response on ESA(TLS failed. Reason: Unknown Error).  After that the receiving is aborded. What may be the cause of this. Current version of my OS is 14.2.1.

Thanks!

 

2 people had this problem
Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎02-04-2023 02:51 AM

check TLS configuration :

 enabled TLS versions can be checked under System Administration -> SSL Configuration.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

kasimalbayrak
Level 1
Level 1

‎03-10-2023 05:26 AM

Hello,


I have the same problem with ESA version 14.2.1-015
I enabled TLSv1.0 in SSL configuration, the problem did not improve.
SSL Cipher(s) to use: I tried the following and I still get the same error.

AES128:AES256:!SRP:!AESGCM+DH+aRSA:!AESGCM+RSA:!aNULL:!kRSA:@STRENGTH:-aNULL:-EXPORT:-IDEA
MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH:!DHE-RSA-AES256-SHA256:!DHE-RSA-AES128-SHA256

I am waiting for your solution suggestions.

Thanks

0 Helpful

ironport4she
Level 1
Level 1

‎01-29-2024 05:34 AM - edited ‎01-29-2024 05:35 AM

I see the same error here:
Sun Jan 21 15:38:18 2024 Info: New SMTP ICID 3299541 interface mailout (x.x.x.x) address y.y.y.y reverse dns host unknown verified no
Sun Jan 21 15:38:18 2024 Info: ICID 3299541 RELAY SG RELAYLIST match y.y.y.y SBRS not enabled country not enabled
Sun Jan 21 15:38:18 2024 Info: ICID 3299541 TLS success protocol TLSv1.2 cipher ECDHE-RSA-AES256-GCM-SHA384
Sun Jan 21 15:38:18 2024 Info: ICID 3299541 TLS failed: Unknown Error
Sun Jan 21 15:38:18 2024 Info: ICID 3299541 lost
Sun Jan 21 15:38:18 2024 Info: ICID 3299541 close

and need information why the TLS connection is failing. I've opened today a service request to Cisco support. maybe they can help or give more information about this issue.

Regards
Ralf

0 Helpful

fpenigaud@exaprobe.com
Level 1
Level 1
In response to ironport4she

‎01-30-2024 12:07 AM

It is a TLS version issue. The remote site is probably using TLS version 1.0 which is higly deprecated.



You have the option to deactivate TLS with the remote site.

Your mailflow policy must be configured to use TLS in preferred mode.

To disable TLS with the remote site, create a "Destination control" for the remote mail domain, setting TLS to "none".


0 Helpful

ironport4she
Level 1
Level 1
In response to fpenigaud@exaprobe.com

‎01-30-2024 02:09 AM

Hello,
thanks for your answer. But acording the mail log both parties are using TLS1.2. Disabling TLS is not a real option since the sender has required TLS configured and won't disable it, For testing because of the current issue he has disabled TLS .

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents