Re: Exim : GnuTLS : DH prime too short
On 2013-08-16 10:52, Heiko Schlittermann wrote:
(gnutls_handshake): The Diffie-Hellman prime sent by the server is
not acceptable (not long enough).
220 Ready to start TLS
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1021 bits
- Peer's public key: 1024 bits
- Certificate type: X.509
- Got a certificate list of 4 certificates.
- Certificate[0] info:
That said, 10 minutes ago I also read the README.Debian in
debian/rules of the Exim4 package on this topic.
Section 2.2 Troubleshooting says:
You might also find "TLS error on connection to [...]
(gnutls_handshake): The Diffie-Hellman prime sent by the server is not
acceptable (not long enough)." given as reason. Exim by default
requires a DH prime length of 1024 bits. This requirement can be
downgraded by setting the tls_dh_min_bits option on the SMTP
transport.
The setting is accessible in the Debian configuration by setting the
macro TLS_DH_MIN_BITS. (e.g. "TLS_DH_MIN_BITS = 768").
The whole topic probably stems from this ominous "Mail in Deutschland"
PR campaign. It is a good thing that the big providers now also use TLS
for sending mail, but that alone does not make you safe from
surveillance by intelligence services.
--
Ciao... // Fon: 0381-2744150
. Ingo \X/ http://blog.windfluechter.net
gpg pubkey: http://www.juergensmann.de/ij_public_key.
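
Before lowering TLS_DH_MIN_BITS for every destination, it helps to know which remote servers actually trigger the error. The following Python sketch is an added example, not part of the original mail or of the Exim package; it counts the rejection message quoted from README.Debian per peer, and the log-line layout, hostnames and addresses are constructed assumptions.

```python
import re

# Error text as quoted from README.Debian above; the "host [ip]" layout in
# front of it is an assumption about how the Exim main log fills in "[...]".
DH_ERROR = re.compile(
    r"TLS error on connection to (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"\(gnutls_handshake\): The Diffie-Hellman prime sent by the server "
    r"is not acceptable \(not long enough\)"
)

# Constructed sample log lines (documentation hostnames and addresses).
SAMPLE_LOG = """\
2013-08-16 10:40:12 1VAAbc-0003Xy-Qz TLS error on connection to mx1.example.net [192.0.2.25] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2013-08-16 10:52:30 1VAAbd-0003Yz-1a TLS error on connection to mx2.example.org [198.51.100.7] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2013-08-16 10:58:02 1VAAbe-0003Za-2b TLS error on connection to mx3.example.com [203.0.113.9] (gnutls_handshake): A TLS packet with unexpected length was received.
2013-08-16 11:05:47 1VAAbf-0003Zb-3c TLS error on connection to mx1.example.net [192.0.2.25] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
"""


def weak_dh_peers(log_text):
    """Return {(host, ip): {"count", "first", "last"}} for DH-prime rejections."""
    peers = {}
    for line in log_text.splitlines():
        m = DH_ERROR.search(line)
        if not m:
            continue  # other TLS errors and ordinary log lines are ignored
        stamp = line[:19]  # assumed "YYYY-MM-DD HH:MM:SS" prefix
        entry = peers.setdefault((m["host"], m["ip"]),
                                 {"count": 0, "first": stamp, "last": stamp})
        entry["count"] += 1
        entry["last"] = stamp
    return peers


def report(peers):
    """One summary line per peer, most frequently rejected first."""
    rows = sorted(peers.items(), key=lambda kv: -kv[1]["count"])
    return [f"{host} [{ip}]: {e['count']} rejected handshake(s), "
            f"{e['first']} to {e['last']}" for (host, ip), e in rows]


if __name__ == "__main__":
    print("\n".join(report(weak_dh_peers(SAMPLE_LOG))))
```

A short list of peers here argues for contacting those operators or scoping the lower limit to them, rather than accepting 768-bit primes from everyone.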