search cancel

When SSLv3 option is disabled, Symantec Messaging Gateway (SMG) fails to negotiate cipher suites with MTAs that support SSLv3 cipher suites only


Article ID: 162761


Updated On:


Messaging Gateway


When SSLv3 option is disabled by Protocols -> Settings -> SSL Restrictions -> Disable support for SSLv3 and earlier protocols in all SMTP TLS conversations, Symantec Messaging Gateway (SMG) 10.6.0-3 and SMG 10.6.0-5 fails to negotiate cipher suites in TLS sessions with MTAs that only support SSLv3/TLSv1.0 protocol.


Symantec has addressed this issue in version 10.6.0-7.

To workaround the issue with version 10.6.0-3 and 10.6.0-5, these temporary workaround options should be considered:

  • Enable SSLv3 protocol by unchecking Protocols -> Settings -> SSL Restrictions -> Disable support for SSLv3 and earlier protocols in all SMTP TLS conversations. This will allow SMG to negotiate encrypted connection using much larger cipher suites list and will likely resolve all TLS communication issues.
  • Disable SMTP over TLS conversation on SMG
  • Downgrade to software version 10.5.4

If the receiving MTAs are local, enabling TLS1.2 on the local servers should also be considered.

For Microsoft Exchange servers, see the following information:

Microsoft Exchange 2013:

Microsoft Exchange 2010: