[Pkg-openssl-devel] Bug#673924: openssl: 0.9.8o-4squeeze13 update broke exim4 TLS connection to FastMail
Kevin J. McCarthy
debian at 8t8.us
Tue May 22 04:00:56 UTC 2012
Package: openssl
Version: 0.9.8o-4squeeze13
Severity: normal
My exim4 server is configured to relay messages to FastMail as a
smarthost (using mail.messagingengine.com::587).
The day the openssl security update 0.9.8o-4squeeze13 was installed,
exim4 started failing to relay, logging:
TLS error on connection to mail.messagingengine.com [66.111.4.52]
(gnutls_handshake): The Diffie-Hellman prime sent by the server is not
acceptable (not long enough).
It seems like some sort of default minimum acceptable key size must have
changed, or else FastMail changed something at the same time. I can't
find any setting in exim4 to change this.
-- System Information:
Debian Release: 6.0.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii libssl0.9.8 0.9.8o-4squeeze13 SSL shared libraries
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20090814+nmu3squeeze1 Common CA certificates
-- no debconf information
More information about the Pkg-openssl-devel
mailing list