Package: courier-imap-ssl Version: 4.15-1.6 Severity: important Dear Maintainer,
Fresh install on new debian jessie, it generated /etc/courier/dhparams.pem However "openssl s_client -connect ip:143 -starttls imap" is unable to connect with this error message: 140640772830864:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3424: Openssl in jessie (and so all other software using it like php/perl imap modules) is configured to reject all connections using DH less than 2048 bits. However the one generated by courier-imap-ssl upon install is only 768 bits. server:~:# openssl dhparam -text -in /etc/courier/dhparams.pem -noout PKCS#3 DH Parameters: (768 bit) This makes default installation of courier-imap-ssl unusable. -- System Information: Debian Release: 8.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages courier-imap-ssl depends on: ii courier-imap 4.15-1.6 ii courier-ssl 0.73.1-1.6 ii debconf 1.5.56 ii openssl 1.0.1t-1+deb8u2 courier-imap-ssl recommends no packages. Versions of packages courier-imap-ssl suggests: pn courier-doc <none> ii heirloom-mailx [imap-client] 12.5-4 -- Configuration Files: /etc/courier/imapd-ssl changed [not included] /etc/courier/imapd.cnf [Errno 2] No such file or directory: u'/etc/courier/imapd.cnf' -- debconf-show failed