[prev in list] [next in list] [prev in thread] [next in thread] 

List:       alpine-info
Subject:    Re: [Alpine-info] SSL negotiation failed for imap since alpine 2.21
From:       Robert Wolf <r.wolf.pine () atlas ! cz>
Date:       2020-06-22 19:56:32
Message-ID: nycvar.QRO.7.78.906.2006222151080.17306 () jbys-ro
[Download RAW message or body]

On Mon, 22 Jun 2020, Gregory Heytings wrote:

> The IMAP server also supports TLSv1.2 indeed.  But it is not configured
> properly: its DH keys are too small, they are 1024 bits wide, and it has been
> an industry standard since 2015 to require at least 2048 bits wide DH keys
> (see https://weakdh.org).  I would suggest you to contact the administrator of
> the IMAP server and ask him to fix this, it does not take more than a few
> minutes (it takes two commands, one to generate a DH parameter file, and

Hello Gregory,

you are right, but this is exactly the problem. My server is debian 7 with
dovecot 2.1.7. And the option ssl_dh_parameters_length is in dovecot from
version 2.2. So I *have to* update my server to be able change dh params :-)
Or at least update dovecot, which means either backport 2.2 from newer debian
or somehow compile myself, but then is easier to update whole debian. But it's
better to update whole system to have other packages updated. And maybe I
don't need set other DH params after update, because the default has been
already changed to >=2048.

Thank you for your investigation and temporary workaround.

Regards,

Robert Wolf.
_______________________________________________
Alpine-info mailing list
Alpine-info@u.washington.edu
http://mailman13.u.washington.edu/mailman/listinfo/alpine-info
[prev in list] [next in list] [prev in thread] [next in thread]