The Allow weak SSL/TLS ciphers setting in Exim Configuration Manager controls whether your mail server (Exim) accepts connections using older, less secure SSL/TLS cipher suites. By default, cPanel only allows strong, modern ciphers for encrypted mail connections. In some cases — such as legacy mail servers or older email clients — you may need to allow weaker ciphers to ensure mail delivery compatibility.

Step 1: Log in to WHM

Log in to your WHM interface as the root user.

Step 2: Open Exim Configuration Manager

Navigate to Home » Service Configuration » Exim Configuration Manager.

Step 3: Switch to the Basic Editor

Click the Basic Editor tab at the top of the page.

Step 4: Locate the security setting

Click on the Security sub-tab, or use the search box to find Allow weak SSL/TLS ciphers.

Step 5: Enable the setting

Set Allow weak SSL/TLS ciphers to On.

Step 6: Save your changes

Scroll to the bottom and click Save. Exim will restart automatically to apply the new configuration.

Important Notes

  • Security warning: Allowing weak SSL/TLS ciphers reduces the security of mail transmissions to and from your server. Only enable this setting if absolutely necessary, and consider re-disabling it once compatibility issues are resolved.
  • This setting affects all SSL/TLS connections handled by Exim, including SMTP (port 465/587) and incoming mail connections.
  • The system stores this configuration in /etc/exim.conf.localopts. Do not edit this file manually — always use the WHM interface.
  • After saving, you can verify the change by checking Exim's active configuration via the Home » Service Configuration » Exim Configuration Manager » Advanced Editor.

Troubleshooting

  • Mail delivery fails with TLS errors after changing: Restart Exim by running service exim restart via SSH or WHM Terminal.
  • Clients still cannot connect: The issue may not be cipher-related. Check firewall rules, SSL certificate validity, and ensure the correct ports (465, 587, or 993 for IMAP) are open.
  • Setting not visible: This option may not appear on servers using certain server profiles. Ensure your server uses the Standard Node server profile.
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to set Default maximum email quota for new packages via WHM?

The Default maximum email quota for new packages setting in WHM controls the maximum email...
How to set Default disk usage quota for new packages via WHM?

The Default disk usage quota for new packages setting in WHM lets you define a default disk space...
How to set Default bandwidth limit for new packages via WHM?

When you create a new hosting package in WHM, cPanel uses a default bandwidth limit if you don't...
How to change cPanel PHP max POST size via WHM?

The cPanel PHP max POST size setting controls the maximum size of HTTP POST requests that...
How to change cPanel PHP max upload size via WHM?

What is the cPanel PHP Max Upload Size? The cPanel PHP max upload size setting controls the...