Hi, just after writing this question it came to my mind, that it might be our ECC certificate. https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200169-Configure-ESA-to-prefer-Perfect-Forward.html#anc8
regards Norbert -----Ursprüngliche Nachricht----- Von: mailop <[email protected]> Im Auftrag von Fehlauer, Norbert via mailop Gesendet: Donnerstag, 23. Oktober 2025 11:38 An: [email protected] Betreff: [mailop] Changes at Cisco ESA for outbound TLS ciphers? Hi, I'm experiencing delivery problems from senders which uses Cisco ESA systems to our on-prem Exchange systems. It seems that TLS negotiation fails between sender and our system. Error: TLS negotiation failed with error AlgorithmMismatch As I did not change anything on my side regarding the used ciphers, it seems possible that Cisco rolled out some change to outbound TLS security. As I do not have access to an ESA, can anyone comment if my assumption is correct? And maybe if this is the root cause can give me a hint what I can tell the sender admins? I guess somewhere at Cisco there would be some kind of documentation about the current default ciphers. Kind regards Norbert
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
