Joe,

Thanks for the detailed response, will pass this along to our users.

I tried the aspmx.l.google.com and it did not work. Think we are out of options, back to scanning to a thumb drive.

Joe

Daniel is correct in the SHA-2 thing....

But it won't be taken as a Spar, that was tried and already declined, it needs to be done as a FER(Feature Enhancement Request)

Since my post Monday some things have been confirmed, the printer (Almost all the Fuji-Xerox machines) don't support SHA-2. They never did, so a spar (It's broken, we gotta fix it) won't be considered, it has to be a FER (It can't do it, but we would like it to).

Timeline for a fix is unknown, and is not guaranteed, but as we get more and more FER requests submitted the more visibility this will get and drive it to a higher priority.

Microsoft is going to switch, Chrome as well, GoDaddy too, Office365 soon.

A few timelines

• Microsoft’s SHA-1 deprecation plan differs in the activation time and browser behavior. Microsoft’s security advisory on “Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program” informed us that Windows will cease accepting SHA-1 SSL certificates on January 1, 2017. To continue to work with Microsoft platforms, all SHA-1 SSL certificates issued before or after this announcement must be replaced with a SHA-2 equivalent by January 1, 2017.

• Chrome version 39 and later will display visual security indicators on sites with SHA-1 SSL certificates with validity beyond January 1, 2016. The production release of Chrome 39 is expected to be in November, 2014. The sites will be treated with one of the following indicators: “secure, but with minor errors” (lock with yellow triangle), “neutral, lacking security” (blank page icon) and “affirmative insecure” (lock with a red X). In order to prevent online users on Chrome version 39 and later from experiencing these indicators, SHA-1 SSL certificates expiring after December 31, 2015 must be replaced with SHA-256 (SHA-2) certificates.

https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1

https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know

Fuji-Xerox has made an official pdf for their products, but Xerox typically changes the device names for release in other markets.

I can confirm the issue exists on the 53xx, 7120, 560 families.

It likely exists on the C75,J75, C60/C70.

Long update made short:

If you are getting this, call Xerox, get to 2nd level  state you heard about the SHA-2 issue, and would like to get a FER started because you need that ability on your device and are receiving the error.

Long hold time to be expected for the foreseeable future, the poor guys* and girls who have to support these machines will be getting hammered with calls, but they know that it won't be fixed without those calls, , best bet is you just call, wait in line and get it reported for your site.

*I am one of them.

Google, Yahoo, and Microsoft are in the process of switching over to SHA2 SSL certificates. That's the cause of 17-714 codes you're seeing.

As a workaround, you can scan only to G-Mail addresses using the following setup:

aspmx.l.google.com (instead of smtp.gmail.com)

Port 25 (instead of 465 or 587)

Encryption type None, rather than SSL/TLS

It's an extra step to receive the scan into a G-Mail inbox and then forward it on, but it's a workaround until a point a SPAR is or is not developed.

We are having the same problem. We have two 5335's with the same problem. We have a dozen copiers including two Xerox 5845. All of those work.

We called our Xerox rep, he said we have the latest version and it was our problem. We did not have the latest version, your version was newer. We down loaded that, installed it and it still did not work. We got a different error message, 016-764.

We also tried the IP address of smtp.gmail.com, no luck. This does not make sense anyway. Sooner or later Google will update that one.

Anything else to try? Or do we just wait for another firmware update.

Thanks for your answer, I will try that and let you know if it works!

Latest firmware for the 53xx is here and is dated last month. So grab that and install it first. (The latest firmware on Xerox.com is never the latest, it is always the current "General Release", there is almost always a newer firmware that is considered a "Spar" which is a General release modified to fix known issues in the General release.)

The Firmware you listed is for an entirely different family of machines, it runs the 7120 specifically.

The fault you are getting is because the printer does not understand the encryption used by the server.

It very much appears that Google is doing another staged security rollout, like they did last year that mandated the use of 2048 Encryption, and because it is a staged rollout, it goes server to server, so the machine will work today, but not tomorrow. Google does all their updates this way. Xerox is getting many reports from many customers on many machine families about that particular error. So install the latest spar, if it still fails, ping "smtp.gmail.com" a few times from different PC's and collect some different IP addresses, cycle through them on the printer and use whichever works (Because they stage their rollouts you will typically find one that has not had the update done yet) and use that while waiting for Xerox to get a firmware built to meet the standards.

So just update the firmware and change no settings and all should be well.