Hi all,
This is for one of my customers I support.

Their v2014 R2 GWIA has: Agent Settings, SMTP, SSL [Enabled] but all mail from them comes (TLS Not Encrypted). Does not matter who the recipient is (other GW, GMAIL, Rogers/Yahoo all tested)
If we put SSL as (Required) then no mail goes out!

We started with a self-signed cert, then let GWAdmin Console generate one, and at the advice of MF Support purchased a REAL certificate and nothing improves.

Normally the Generate Certificate button in GWAdmin console is all that's needed to get this going, but no luck.

This weekend, we patched everything in sight and are now at: OES 2015 SP1, SLES 11.4, GW 14.2.2, still no luck.

The GWIA logs just show:
Connected To server: [recipient server IP]
Transferred

It is missing the happy line: "SMTP upgraded to a secure connection"

This is my first of dozen(s) of GWIA's I've worked with where I can't get TLS to work.

Any ideas?

Does anyone think it could be SSL issues on the SLES box?
Eg. Broken OpenSSL
(in which case, be aware that this is clustered and we *have* tried moving the GWIA resource to another identically built and patched NODE with no change).