Public bug reported:
Hello,
I spent the better part of the morning trying to get the Ubuntu sendmail
package to use a 2048 DH parameters file created like this so that it
could send email to hosts that have fixed logjam already...
openssl dhparam -out /etc/mail/tls/dhparams.pem 2048
changed sendmail.mc to define(`confDH_PARAMETERS',
`/etc/mail/tls/dhparams.pem')dnl
make
in sendmail.cf it says O DHParameters=/etc/mail/tls/dhparams.pem
but no matter what I do sendmail doesn't use the new DH Parameters file.
It keeps giving this error
Sep 9 10:11:06 d3 sm-mta[10012]: STARTTLS=client, error: connect failed=-1,
SSL_error=1, errno=0, retry=-1
Sep 9 10:11:06 d3 sm-mta[10012]: STARTTLS=client: 10012:error:14082174:SSL
routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3339:
** Affects: sendmail (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1493922
Title:
sendmail package does not support strong DH/TLS
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sendmail/+bug/1493922/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
