[Bug 1039043] [NEW] exim tls fails: Diffie-Hellman prime too short

Krzysztof kwarzecha7 at gmail.com
Mon Aug 20 14:08:34 UTC 2012


Public bug reported:

Hello,

This is upstream bug, see http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=684340 and http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=676563

Exim fails to send email with this message in log: "The Diffie-Hellman
prime sent by the server is not acceptable (not long enough).". This is
caused by patch 66_enlarge-dh-parameters-size.dpatch in source package
exim (one that you can download with 'apt-get source exim4'). This was
fixed in Debian by making DH_BITS value configurable.

$ lsb_release -rd
Description:    Ubuntu 11.04
Release:        11.04

$ apt-cache policy exim4
exim4:
  Installed: 4.74-1ubuntu1.2
  Candidate: 4.74-1ubuntu1.2
  Version table:
 *** 4.74-1ubuntu1.2 0
        500 http://mirror.ovh.net/ftp.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     4.74-1ubuntu1 0
        500 http://mirror.ovh.net/ftp.ubuntu.com/ubuntu/ natty/main amd64 Packages

What i excepted to happen: exim should deliver message if remote server
is using weak encryption and exim is configured to accept weak
encryption

What happened instead: exim refused to deliver message, there is no
option to make exim accept weak encryption. Message cannot be delivered
without messing with exim sources.

** Affects: exim4 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/1039043

Title:
  exim tls fails: Diffie-Hellman prime too short

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1039043/+subscriptions



More information about the Ubuntu-server-bugs mailing list