Bug#676563: exim4: new minimum Diffie-Hellman length breaks sending, not configurable

Eric Cooper ecc at cmu.edu
Wed Jun 20 23:01:15 UTC 2012


Package: exim4
Followup-For: Bug #676563

This problem still exists for me in version 4.80-3.
I'm using smtp.srv.cs.cmu.edu as smarthost, and I get this error:

2012-06-20 18:40:40 1ShRfu-0001AA-8c TLS error on connection to smtp.srv.cs.cmu.edu [128.2.217.15] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2012-06-20 18:40:40 1ShRfu-0001AA-8c TLS session failure: delivering unencrypted to smtp.srv.cs.cmu.edu [128.2.217.15] (not in hosts_require_tls)

I downgraded to 4.77-1 and my configuration works again.

I tried setting tls_dh_min_bits to several lower values, but it didn't
help. (Perhaps I was doing it wrong.)  Also, is there a debugging
option that would allow me to determine the prime size that the CMU
server is using?

-- Package-specific info:
Exim version 4.77 #3 built 22-Oct-2011 17:56:52
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 5.1.25: (January 28, 2011)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (400, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]                                          1.5.43
pn  exim4-base                                                     <none>
pn  exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom  <none>

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
  exim4/drec:
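
Added example, not part of the original message or of Exim: a log check that pairs each "TLS error on connection" line with the "delivering unencrypted" line that follows it for the same message and host, so the cleartext fallback shown in the report is flagged rather than passing unnoticed. The function name, the record fields, and the third log line are constructed for illustration; the first two log lines are the ones quoted in the report.

```python
import re

# Constructed sample: the two log lines quoted in the report, plus one
# constructed line for an unrelated message that completed normally.
SAMPLE_LOG = """\
2012-06-20 18:40:40 1ShRfu-0001AA-8c TLS error on connection to smtp.srv.cs.cmu.edu [128.2.217.15] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
2012-06-20 18:40:40 1ShRfu-0001AA-8c TLS session failure: delivering unencrypted to smtp.srv.cs.cmu.edu [128.2.217.15] (not in hosts_require_tls)
2012-06-20 18:41:02 1ShRgG-0001AB-2x Completed
"""

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
LINE = re.compile(rf"^(?P<ts>\d{{4}}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>{MSG_ID}) (?P<msg>.*)$")
TLS_ERR = re.compile(
    r"^TLS error on connection to (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"\((?P<call>[^)]+)\): (?P<reason>.*)$")
FALLBACK = re.compile(
    r"^TLS session failure: delivering unencrypted to (?P<host>\S+) \[(?P<ip>[^\]]+)\]")


def cleartext_fallbacks(log_text):
    """Return one record per delivery that fell back to cleartext after a TLS failure."""
    pending = {}   # (message id, peer ip) -> reason from the preceding TLS error
    findings = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        err = TLS_ERR.match(line["msg"])
        if err:
            pending[(line["id"], err["ip"])] = err["reason"]
            continue
        fb = FALLBACK.match(line["msg"])
        if fb:
            # A fallback with no recorded error is still reported, reason unknown.
            reason = pending.pop((line["id"], fb["ip"]), "unknown")
            findings.append({
                "time": line["ts"], "message_id": line["id"],
                "host": fb["host"], "ip": fb["ip"], "reason": reason,
                "dh_rejected": "Diffie-Hellman" in reason,
            })
    return findings


if __name__ == "__main__":
    for f in cleartext_fallbacks(SAMPLE_LOG):
        print(f"{f['time']} {f['message_id']} sent in cleartext to "
              f"{f['host']} [{f['ip']}]: {f['reason']}")
```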




