Package: courier-imap-ssl
Version: 4.15-1.6
Severity: important
Dear Maintainer,
Fresh install on new debian jessie, it generated /etc/courier/dhparams.pem
However "openssl s_client -connect ip:143 -starttls imap" is unable to connect
with this error message:
140640772830864:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh
key too small:s3_clnt.c:3424:
Openssl in jessie (and so all other software using it like php/perl imap
modules) is configured to reject all connections using DH less than
2048 bits. However the one generated by courier-imap-ssl upon install is
only 768 bits.
server:~:# openssl dhparam -text -in /etc/courier/dhparams.pem -noout
PKCS#3 DH Parameters: (768 bit)
This makes default installation of courier-imap-ssl unusable.
-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages courier-imap-ssl depends on:
ii courier-imap 4.15-1.6
ii courier-ssl 0.73.1-1.6
ii debconf 1.5.56
ii openssl 1.0.1t-1+deb8u2
courier-imap-ssl recommends no packages.
Versions of packages courier-imap-ssl suggests:
pn courier-doc <none>
ii heirloom-mailx [imap-client] 12.5-4
-- Configuration Files:
/etc/courier/imapd-ssl changed [not included]
/etc/courier/imapd.cnf [Errno 2] No such file or directory:
u'/etc/courier/imapd.cnf'
-- debconf-show failed
