Public bug reported:

Hello,

I spent the better part of the morning trying to get the Ubuntu sendmail package to use a 2048 DH parameters file created like this so that it could send email to hosts that have fixed logjam already...

openssl dhparam -out /etc/mail/tls/dhparams.pem 2048

changed sendmail.mc to

define(`confDH_PARAMETERS', `/etc/mail/tls/dhparams.pem')dnl

make

in sendmail.cf it says

O DHParameters=/etc/mail/tls/dhparams.pem

but no matter what I do sendmail doesn't use the new DH Parameters file. It keeps giving this error

Sep 9 10:11:06 d3 sm-mta[10012]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Sep 9 10:11:06 d3 sm-mta[10012]: STARTTLS=client: 10012:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3339:

** Affects: sendmail (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1493922

Title:
  sendmail package does not support strong DH/TLS
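An added triage example, not part of the original report and not sendmail or Ubuntu code: it parses the two log lines quoted above, splits the OpenSSL error-queue entry into its fields, and reports which TLS role the failure occurred in. The function names and the `triage` wording are assumptions made for illustration; the bit layout used to unpack the error code is that of OpenSSL 1.0.x.

```python
import re

# Log lines copied from the report above.
SAMPLE_LOG = """\
Sep 9 10:11:06 d3 sm-mta[10012]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Sep 9 10:11:06 d3 sm-mta[10012]: STARTTLS=client: 10012:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3339:
"""

# sendmail prefix "STARTTLS=<role>: " followed by an OpenSSL error-queue entry:
# pid:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:
ERR_RE = re.compile(
    r"STARTTLS=(?P<role>client|server): \d+:error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

def parse_openssl_errors(log_text):
    """Return one dict per OpenSSL error-queue entry found in sendmail log text."""
    entries = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue  # e.g. the "connect failed" summary line carries no queue entry
        e = m.groupdict()
        code = int(e["code"], 16)
        # OpenSSL 1.0.x packs library/function/reason numbers into the 32-bit code.
        e["lib_num"] = (code >> 24) & 0xFF
        e["func_num"] = (code >> 12) & 0xFFF
        e["reason_num"] = code & 0xFFF
        e["line"] = int(e["line"])
        entries.append(e)
    return entries

def triage(entry):
    """Say which side's DH key the error concerns (hypothetical helper)."""
    if entry["reason"] == "dh key too small" and entry["role"] == "client":
        # Raised in OpenSSL's client code (s3_clnt.c) while checking the DH
        # key the remote server sent during the handshake.
        return "remote server's DH key rejected by local OpenSSL client"
    return "unclassified"

if __name__ == "__main__":
    for entry in parse_openssl_errors(SAMPLE_LOG):
        print(entry["role"], entry["file"], hex(entry["reason_num"]), "->", triage(entry))
```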