[German]It currently that users of multifunction printers with a scan function that use a connection to a Microsoft Office 365 SMTP server are running into issues with certain devices. Users of Rico devices are receiving "Cannot connect to SMTP server" connection errors and an "SSL negotiation failed" message when scanning to Microsoft Office 365 accounts. Various Rico models are affected, for example, but also Xerox Versalink C7030, Kyocera or Sharp devices. The cause is likely to be a change to TLS 1.2 by Microsoft.
Advertising
Scan problem when sending to MS Office 365 account
A blog reader pointed out a problem with MFC devices. Users are facing connection issues, when they try to send scans to Microsoft Office 365 accounts via SMTP. The problem has been described since February 2, 2025 at Microsoft Learn under office 365 "Cannot connect to SMTP server" "SSL negotiation failed".
Rico Scan error "Cannot connect to SMTP server"
Someone who works for the manufacturer Rico started the thread and wrote that he had several customers who suddenly got the error "Cannot connect to SMTP server", "SSL negotiation failed" (or "Cannot connect to SMTP server", "SSL negotiation failed" in English).
As far as I understand it, the error occurred when scanning with Rico devices. The MFP models affected are MP C307, MP 6055, IM C3000 and MP C3004ex. It looks as if their scan function cannot transmit the scan results to the configured SMTP server if the devices use the older 16S or 17S controllers.
Error affects MS Office 365 account users
Several users confirmed the error when scanning, although some only had the error message on the second or third scan. When checking the user configurations, it was found that all affected users use Microsoft Office365 accounts for SMTP authentication (smtp.office365.com). And this SMTP authentication suddenly stopped working.
Cause: Deactivated TLS 1.2 cipher suite
In the thread, which already has three pages and many messages from those affected, one affected person reported early on that there were probably problems with TLS 1.2 encryption. The SMTP connection works if the servers used for communication still support TLS_RSA. If only Elliptic Curves are supported, the communication fails.
Advertising
Later, a user confirmed that the problem had to do with the TLS 1.2 cipher suite. A Ricoh technician had written to him: "It looks to me like Microsoft has disabled the cipher suites without elliptic curves for TLS1.2. ECDHE is only possible with newer controllers from 18S."
This means that affected devices with the older controllers may no longer be able to perform scans if they transmit the result to a Microsoft Office 365 account via smtp.office365.com.
Those affected can check whether the multifunction devices can set a different SMTP configuration. In the course of the discussion, someone wrote that he had activated SHA2(256/384) as hash on his Kyocera multifunction printer, after which the scan function worked again and the results could be transferred to the Microsoft Office 365 account via SMTP.
On February 5, 2025, however, an affected person got in touch and reported that scanning suddenly worked again (without intervention). He suspected that Microsoft had fixed the problems with the TLS 1.2 cipher internally.
Another affected person wrote that they have now solved the problem with a workaround. They have set up an internal server as an SMTP relay with hMailServer and forward all scans from the affected devices to Microsoft via this server. Was or is anyone in the readership affected?
Advertising
