Re: [qmailtoaster] dh key too small
you can turn off encryption to that host On 12/16/2020 1:10 PM, Angus McIntyre wrote: 2048 bits ought to be enough, I would think. Most of the references to this problem that I was able to find suggested that it kicked in at 768 bits and smaller. So maybe it's the remote server. The remote is e4.echonyc.com (108.60.149.50). Where's the Diffie-Hellman key used by qmail stored on a CentOS/qmailtoaster server? Thanks, Angus Eric Broch wrote on 12/16/20 2:48 PM: hmmm Ours is 2048 bits. What's the remote server? On 12/16/2020 11:27 AM, Angus McIntyre wrote: CentOS 8 and Qmail Toaster Ver. 1.03-3.3.1.qt.el8. Angus Eric Broch wrote on 12/14/20 11:50 PM: What QMT/CentOS versions? On 12/14/2020 6:53 PM, Angus McIntyre wrote: My new toaster delivers mail just fine to almost all hosts. However, with one destination host I get the error: TLS connect failed: error:141A318A:SSL routines:tls_process_ske_dhe: dh key too small; connected to x.x.x.x I'm not going to try again ... The question is, which host has the undersized Diffie-Hellman key? Is it my server, or the remote host? If it's my server, how do I generate a larger DH key for qmail to use? If it's the other server, how do I tell qmail to accept a lower level of security or no encryption at all for this particular destination? Thanks for any advice, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dh key too small
/var/qmail/control/dh2048.pem On 12/16/2020 1:10 PM, Angus McIntyre wrote: 2048 bits ought to be enough, I would think. Most of the references to this problem that I was able to find suggested that it kicked in at 768 bits and smaller. So maybe it's the remote server. The remote is e4.echonyc.com (108.60.149.50). Where's the Diffie-Hellman key used by qmail stored on a CentOS/qmailtoaster server? Thanks, Angus Eric Broch wrote on 12/16/20 2:48 PM: hmmm Ours is 2048 bits. What's the remote server? On 12/16/2020 11:27 AM, Angus McIntyre wrote: CentOS 8 and Qmail Toaster Ver. 1.03-3.3.1.qt.el8. Angus Eric Broch wrote on 12/14/20 11:50 PM: What QMT/CentOS versions? On 12/14/2020 6:53 PM, Angus McIntyre wrote: My new toaster delivers mail just fine to almost all hosts. However, with one destination host I get the error: TLS connect failed: error:141A318A:SSL routines:tls_process_ske_dhe: dh key too small; connected to x.x.x.x I'm not going to try again ... The question is, which host has the undersized Diffie-Hellman key? Is it my server, or the remote host? If it's my server, how do I generate a larger DH key for qmail to use? If it's the other server, how do I tell qmail to accept a lower level of security or no encryption at all for this particular destination? Thanks for any advice, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dh key too small
2048 bits ought to be enough, I would think. Most of the references to this problem that I was able to find suggested that it kicked in at 768 bits and smaller. So maybe it's the remote server. The remote is e4.echonyc.com (108.60.149.50). Where's the Diffie-Hellman key used by qmail stored on a CentOS/qmailtoaster server? Thanks, Angus Eric Broch wrote on 12/16/20 2:48 PM: hmmm Ours is 2048 bits. What's the remote server? On 12/16/2020 11:27 AM, Angus McIntyre wrote: CentOS 8 and Qmail Toaster Ver. 1.03-3.3.1.qt.el8. Angus Eric Broch wrote on 12/14/20 11:50 PM: What QMT/CentOS versions? On 12/14/2020 6:53 PM, Angus McIntyre wrote: My new toaster delivers mail just fine to almost all hosts. However, with one destination host I get the error: TLS connect failed: error:141A318A:SSL routines:tls_process_ske_dhe: dh key too small; connected to x.x.x.x I'm not going to try again ... The question is, which host has the undersized Diffie-Hellman key? Is it my server, or the remote host? If it's my server, how do I generate a larger DH key for qmail to use? If it's the other server, how do I tell qmail to accept a lower level of security or no encryption at all for this particular destination? Thanks for any advice, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- https://raingod.com/ - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dh key too small
hmmm Ours is 2048 bits. What's the remote server? On 12/16/2020 11:27 AM, Angus McIntyre wrote: CentOS 8 and Qmail Toaster Ver. 1.03-3.3.1.qt.el8. Angus Eric Broch wrote on 12/14/20 11:50 PM: What QMT/CentOS versions? On 12/14/2020 6:53 PM, Angus McIntyre wrote: My new toaster delivers mail just fine to almost all hosts. However, with one destination host I get the error: TLS connect failed: error:141A318A:SSL routines:tls_process_ske_dhe: dh key too small; connected to x.x.x.x I'm not going to try again ... The question is, which host has the undersized Diffie-Hellman key? Is it my server, or the remote host? If it's my server, how do I generate a larger DH key for qmail to use? If it's the other server, how do I tell qmail to accept a lower level of security or no encryption at all for this particular destination? Thanks for any advice, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dh key too small
CentOS 8 and Qmail Toaster Ver. 1.03-3.3.1.qt.el8. Angus Eric Broch wrote on 12/14/20 11:50 PM: What QMT/CentOS versions? On 12/14/2020 6:53 PM, Angus McIntyre wrote: My new toaster delivers mail just fine to almost all hosts. However, with one destination host I get the error: TLS connect failed: error:141A318A:SSL routines:tls_process_ske_dhe: dh key too small; connected to x.x.x.x I'm not going to try again ... The question is, which host has the undersized Diffie-Hellman key? Is it my server, or the remote host? If it's my server, how do I generate a larger DH key for qmail to use? If it's the other server, how do I tell qmail to accept a lower level of security or no encryption at all for this particular destination? Thanks for any advice, Angus - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- https://raingod.com/ - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com