
Re: Exim : GnuTLS : DH prime too short



On 2013-08-16 10:52, Heiko Schlittermann wrote:

    (gnutls_handshake): The Diffie-Hellman prime sent by the server is
not acceptable (not long enough).
220 Ready to start TLS
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1024 bits
 - Secret key: 1021 bits
 - Peer's public key: 1024 bits
- Certificate type: X.509
 - Got a certificate list of 4 certificates.
 - Certificate[0] info:

Incidentally, just 10 minutes ago I also read the README.Debian in debian/rules of the Exim4 package on this topic.

Section 2.2 Troubleshooting says:
   You might also find "TLS error on connection to [...]
   (gnutls_handshake): The Diffie-Hellman prime sent by the server is not
   acceptable (not long enough)." given as reason. Exim by default
   requires a DH prime length of 1024 bits. This requirement can be
   downgraded by setting the tls_dh_min_bits option on the SMTP transport.
   The setting is accessible in the Debian configuration by setting the
   macro TLS_DH_MIN_BITS. (e.g. "TLS_DH_MIN_BITS = 768").

This whole issue probably stems from that ominous "Mail in Deutschland" PR campaign. It is a good thing that the big providers now use TLS for sending mail too, but that does not yet make you safe from surveillance by intelligence services.

--
Ciao...          //    Fon: 0381-2744150
.     Ingo     \X/     http://blog.windfluechter.net

gpg pubkey: http://www.juergensmann.de/ij_public_key.
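
An added example, not part of the original message or of the Debian README: a small Python triage script that counts which remote hosts trigger the DH-prime rejection in an Exim main log and compares the prime size from a handshake transcript against the 1024-bit default named in the README text. The log line layout, host names, addresses and transcripts are constructed assumptions.

```python
import re
from collections import Counter

EXIM_DEFAULT_MIN_BITS = 1024  # default stated in the README.Debian text quoted above

# Assumed log layout: "... TLS error on connection to HOST [IP] (gnutls_handshake): ..."
REJECT_RE = re.compile(
    r"TLS error on connection to (\S+) \[([^\]]+)\] \(gnutls_handshake\): "
    r"The Diffie-Hellman prime sent by the server is not acceptable"
)
# Line printed in the handshake transcript quoted above.
PRIME_RE = re.compile(r"Using prime:\s*(\d+)\s*bits")


def rejected_peers(log_text):
    """Count DH-prime rejections per (host, ip) in Exim main log text."""
    return Counter(m.groups() for m in REJECT_RE.finditer(log_text))


def offered_prime_bits(transcript):
    """Return the DH prime size from a handshake transcript, or None if absent."""
    m = PRIME_RE.search(transcript)
    return int(m.group(1)) if m else None


def accepted(bits, min_bits=EXIM_DEFAULT_MIN_BITS):
    """True if a client requiring min_bits would accept a prime of this size."""
    return bits is not None and bits >= min_bits


# Constructed sample data (not taken from a real system).
SAMPLE_LOG = """\
2013-08-16 10:40:02 1VAAAA-000001-AA TLS error on connection to mx1.example.net [192.0.2.10] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2013-08-16 10:41:17 1VAAAB-000002-BB TLS error on connection to mx1.example.net [192.0.2.10] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2013-08-16 10:45:30 1VAAAC-000003-CC TLS error on connection to mail.example.org [198.51.100.7] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
"""
SAMPLE_TRANSCRIPTS = {
    "mx1.example.net": "- Ephemeral Diffie-Hellman parameters\n - Using prime: 768 bits\n",
    "mail.example.org": "- Ephemeral Diffie-Hellman parameters\n - Using prime: 1024 bits\n",
}

if __name__ == "__main__":
    for (host, ip), n in rejected_peers(SAMPLE_LOG).most_common():
        bits = offered_prime_bits(SAMPLE_TRANSCRIPTS.get(host, ""))
        print(f"{host} [{ip}]: {n} rejections, prime={bits} bits, "
              f"ok at {EXIM_DEFAULT_MIN_BITS}: {accepted(bits)}")
```

Knowing which peers fail and what prime size each one offers shows how far tls_dh_min_bits would have to be lowered, and for how many destinations, before changing it.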

