Bug#684340: exim tls fails: Diffie-Hellman prime too short

David Lawyer dave at lafn.org
Wed Aug 8 21:31:59 UTC 2012


Package: exim4
Version: 4.80-3

It's reported on the Internet that version 4.77 doesn't have this
problem.  After updating from v. 4.72, attempts to send out email to my
ISP failed and all messages bounced back to me.  After some checking I
found out that apparently the option tls_dh_min_bits has had its
default value increased to a value that's too high for my ISP.  Here's what
it shows in my exim log file: (zoom.lafn.org is my ISP)

2012-08-08 12:21:33 1SzBow-0007AV-5w TLS error on connection to zoom.lafn.org [108.92.93.123] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).

Here's how I fixed it based on what someone else did per the Internet:
Create file /etc/exim4/exim4.conf.localmacros and add the line:
TLS_DH_MIN_BITS = 512

			David Lawyer
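
To see which remote servers are actually rejected for a short Diffie-Hellman prime before lowering TLS_DH_MIN_BITS, the log entry quoted in the report can be searched for and grouped by peer. This is an added example, not part of the original report or of Exim; the function name and every sample line except the first are constructed.

```python
import re
from collections import defaultdict

# Pattern for the Exim main-log entry quoted in the report above.
DH_ERROR = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) )?"
    r"TLS error on connection to (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"\(gnutls_handshake\): The Diffie-Hellman prime sent by the server "
    r"is not acceptable"
)

# First line is the one from the report; the rest are constructed samples.
SAMPLE_LOG = """\
2012-08-08 12:21:33 1SzBow-0007AV-5w TLS error on connection to zoom.lafn.org [108.92.93.123] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2012-08-08 12:40:02 1SzC6q-0007Bc-1a TLS error on connection to zoom.lafn.org [108.92.93.123] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2012-08-08 12:41:10 1SzC7w-0007Bk-Qz => user@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.10]
2012-08-08 13:05:47 1SzCVj-0007Cd-3x TLS error on connection to mail.example.net [192.0.2.25] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2012-08-08 13:06:00 1SzCVj-0007Cd-3x TLS error on connection to mail.example.net [192.0.2.25] (gnutls_handshake): A TLS packet with unexpected length was received.
"""

def weak_dh_peers(lines):
    """Group DH-prime rejections by (host, ip); assumes chronological input."""
    peers = defaultdict(lambda: {"count": 0, "first": None, "last": None, "msgids": set()})
    for line in lines:
        m = DH_ERROR.match(line)
        if m is None:
            continue  # unrelated entry, or a different TLS failure
        entry = peers[(m["host"], m["ip"])]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        if m["msgid"]:
            entry["msgids"].add(m["msgid"])
    return dict(peers)

if __name__ == "__main__":
    for (host, ip), e in sorted(weak_dh_peers(SAMPLE_LOG.splitlines()).items()):
        print(f"{host} [{ip}]: {e['count']} rejected handshakes, "
              f"{e['first']} .. {e['last']}, {len(e['msgids'])} message(s) affected")
```

On a real system the input would be the lines of the Exim main log instead of SAMPLE_LOG.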

			


