On 2016-04-01, Fundemap S.A. - Sergio Sánchez <[email protected]> wrote: > Hi, > i'm having tls errors like this: > TLS error on connection to mail.xxxx1.com.ar [ip] (gnutls_handshake): > The Diffie-Hellman prime sent by the server is not acceptable (not long > enough). > TLS error on connection from mail.xxxx2.com.ar (nameserver) [ip] > (gnutls_handshake): A record packet with illegal version was received.
By my somewhat limited understanding of encryption it seems that the remote end of the TLS link is trying to use an insecure encryption scheme. Could be old software on the destination server, could be a man-in-the-middle TLS downgrade attack. Perhaps confirm this using "opessl" and then contact postmaster at the remote end and let them know. Alternatively you could ask the sender for permission to turn off encryption for that destination. -- \_(ツ)_ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
