Ssl error with offlineimap version 6.6.1 (debian package)
lnoferin at cybervalley.org
Sun Feb 7 22:20:28 GMT 2016
Tomasz Żok <tomasz.zok at gmail.com> writes:
>> ERROR: Unknown SSL protocol connecting to host
>> 'bbs.cybervalley.org' for repository 'RemotoBBs'. OpenSSL responded:
>> [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:590)
>> What could be the error?
> OpenSSL has issued a change to protect from known vulnerability. You can
> read more here:
> dh key.
> You can check if your IMAP server is vulnerable with the command:
> $ openssl s_client -connect $SERVER:imaps -cipher "EDH" | grep
> "Server Temp Key"
> Where $SERVER is the hostname of your IMAP server. If the result shows
> 768 bits or less then OpenSSL (and OfflineIMAP effectively) will refuse
> to connect. Soon, 1024 bits will also be treated as too weak and
Server Temp Key: DH, 768 bits
Ok, it's clear!
> I think in this situation, only the IMAP server admin can aid. Even if
> there were some action possible on the client side, it would be at
> a cost of lower security.
I am the admin of server (it is in my house) and I can do what I
can/like because it is a family server.
I use courier as imap sever for many years and I would not change but I
tried to use a certificate from letsencrypt project but it gives some
P.S.: thanks a lot for explanation!
Scegli sempre un'idea che ti permetta poi di cambiarla
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 464 bytes
Desc: not available
More information about the OfflineIMAP-project