Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio 9.2.1 Upgrade - SSL Connections Failing Outlook and Entourage
  •  
perennialdesign

Messages: 117
Karma: 3
Send a private message to this user
I upgraded to 9.2.1 and now there are certain SSL connections from Entourage and Outlook 2011 which are not working.
The app remains idle and doesn't even attempt the connection. If I disable SSL the connection works.
However there are some computers (mine included) which connect fine via SSL.
Help please!
  •  
Pavel Špalek (Kerio)

Messages: 287
Karma: 37
Send a private message to this user
Please enable Outlook and Connect server logging as described here:
http://kb.kerio.com/article.php?id=1053
In server debug log enable also
[x] Network Connections and SSL
in "Auxiliary Modules" section.
and send us the logs.
Thank you

Pavel Špalek
developer - Kerio Connect
  •  
perennialdesign

Messages: 117
Karma: 3
Send a private message to this user
Hi Pavel.
Where shall I send the logs?

[Updated on: Mon, 19 December 2016 20:22]

  •  
Pavel Špalek (Kerio)

Messages: 287
Karma: 37
Send a private message to this user
Better upload it somewhere to cloud and send me the link to the address ews-devel at kerio.com

Pavel Špalek
developer - Kerio Connect
  •  
cowlings

Messages: 1
Karma: 0
Send a private message to this user
hi, also had this one. temporary solution was to allow lower ciphers in "ServerTlsCiphers".

" EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AE S128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128 -GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA 256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE- RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA: DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-S HA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC 3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES1 28-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eN ULL:!EXPORT:!DES:!MD5:!PSK:!RC4 "


  •  
Printery Technician

Messages: 1
Karma: 0
Send a private message to this user
cowlings wrote on Thu, 05 January 2017 02:17
hi, also had this one. temporary solution was to allow lower ciphers in "ServerTlsCiphers".

" EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AE S128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128 -GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA 256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE- RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA: DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-S HA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC 3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES1 28-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eN ULL:!EXPORT:!DES:!MD5:!PSK:!RC4 "




Perfect. That worked, thank you a lot!! Very Happy

But be aware of the spaces above. They don't have to be in the variable code. It has to be as follows:


EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
  •  
jcooper

Messages: 61
Karma: 3
Send a private message to this user
Hi,

DO you (or anyone) know if this is a common problem? ie, Does anyone still running Outlook 2011 and KMS 9.2.1 must make this change for it to work?

I'm on 9.1.1 and am having syncing problems with some calendar events. From this forum it looks like upgrading to 9.2.1 may fix it, but will break ssl in the process.

We have Outlook 2016 and 2011 clients and need them both to work.

If we do have to make this ServerTisCiphers change, could you post EXACTLY where in the config file you put it? This key seems to appear in a couple places.

Thanks!

Jeff

[Updated on: Fri, 13 January 2017 20:29]

  •  
perennialdesign

Messages: 117
Karma: 3
Send a private message to this user
I updated my Entourage 2008 users to Outlook 2011 and it fixed the issue. I did not need to change the ciphers. Just make sure your Outlook 2011 is fully patched.

[Updated on: Fri, 13 January 2017 20:35]

  •  
jcooper

Messages: 61
Karma: 3
Send a private message to this user
That's great. Thanks!

Jeff
Previous Topic: Mails dissappeared magicalley
Next Topic: Free/Busy shows no information for some users
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Apr 28 23:52:08 CEST 2017

Total time taken to generate the page: 0.01142 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.