bounced: tlsv1 alert decode error (after you upgrade to, you are unable to send email via TLS to some domains)
Technische Artikel ID:   KB84156
Zuletzt geändert am:  3/16/2015


McAfee Email Gateway (MEG) 7.6


After you install MEG, you cannot send email via TLS to some domains. On the MEG Message Search page, you see an error similar to:

bounced: tlsv1 alert decode error


Some older OpenSSL implementations cannot handle the TLS extension padding added by newer versions of OpenSSL.


This issue is resolved in MEG 7.6.4 which is available when you log on to the ServicePortal at https://support.mcafee.com/downloads.

Updates are cumulative; Technical Support recommends that you install the latest one.
To review the Release Notes, see PD25949.
To review the Known Issues, see KB78950.

MEG 7.6.4 will disable this padding by default.


To work around this issue:
  • If you are using ePO to manage your appliance, you must follow the process documented in KB82606 to avoid ePO overwriting your configuration changes.
  • Technical Support recommends that you save the configuration file from the appliance and store a backup copy in a separate location. Edit a copy of the configuration file, and always keep a current version in a safe place.
  • For details about saving, editing, and restoring the appliance configuration file, follow the instructions in KB56323.
  1. Log on to the appliance management console and back up the configuration file.
  2. Open the configuration file in WinZip.
  3. Navigate to \Native and open smtp-config.xml in Notepad, Wordpad, or another text editor.
  4. Locate the element ForbiddenCiphers. Add EDH to the list so it looks like the following:
    <Attr name="0" value="aNULL"/>
    <Attr name="1" value="EDH"/>
  5. Save the file, keeping the plain text encoding.
  6. Update the file in the appliance configuration.
  7. Restore the configuration to the appliance.

Dieses Dokument bewerten

Technisches Glossar

 Glossarbegriffe hervorheben

Im technischen Glossar werden Fachbegriffe erklärt.