Hi Marc,

I think you are running into the consequences of a recently exposed
certificate security issue.  The "Logjam" attack is an example of the
threat in action.

I believe that as a result of this issue the industry (notably Google
and Mozilla) has updated software and servers to reject certificates it
doesn't consider secure enough.  For Thunderbird see here:
https://support.mozilla.org/en-US/kb/thunderbird-and-logjam

The problem is explained more fully here: https://weakdh.org/

I think as a minimum you will have to update your version of OpenSSH if
that is what you are using and maybe disable support for export cipher
suites and use a 2048-bit Diffie-Hellman group.

Regards,
David Legg

On 28/12/15 04:22, Marc Chamberlin wrote:
> Hi - I am running a James 2.3.2 server on OpenSuSE12.3 and am running
> into an issue with using TLS/SSL connections. In particular clients
> using Mozilla Thunderbird can no longer connect on those ports to pick
> up or send emails. (This used to work fine and I have not changed my
> James configuration file. I just now updated my keystore file but that
> made no difference.) Thunderbird issues a complaint -
> 
> SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange
> handshake message.
> 
> (Error code: ssl_error_weak_server_ephemeral_dh_key)
> 
> Anyone got any ideas on what one is to do to solve this issue? Thanks in
> advance...   Marc...
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
