Ssl error with offlineimap version 6.6.1 (debian package)

Leandro Noferini lnoferin at
Sun Feb 7 22:20:28 GMT 2016

Tomasz ┼╗ok <tomasz.zok at> writes:


>>  ERROR: Unknown SSL protocol connecting to host
>> '' for repository 'RemotoBBs'. OpenSSL responded:
>> [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:590)
>> (...)
>> What could be the error?
> OpenSSL has issued a change to protect from known vulnerability. You can
> read more here:


> dh key.
> You can check if your IMAP server is vulnerable with the command:
>     $ openssl s_client -connect $SERVER:imaps -cipher "EDH" | grep
> "Server Temp Key"

> Where $SERVER is the hostname of your IMAP server. If the result shows
> 768 bits or less then OpenSSL (and OfflineIMAP effectively) will refuse
> to connect. Soon, 1024 bits will also be treated as too weak and
> refused.

Server Temp Key: DH, 768 bits

Ok, it's clear!

> I think in this situation, only the IMAP server admin can aid. Even if
> there were some action possible on the client side, it would be at
> a cost of lower security.

I am the admin of server (it is in my house) and I can do what I
can/like because it is a family server.

I use courier as imap sever for many years and I would not change but I
tried to use a certificate from letsencrypt project but it gives some

P.S.: thanks a lot for explanation!

Scegli sempre un'idea che ti permetta poi di cambiarla
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 464 bytes
Desc: not available
URL: <>

More information about the OfflineIMAP-project mailing list