On Wed, Jan 15, 2014 at 3:02 AM, Oliver Howe <[email protected]> wrote:
> I've recently started seeing these error messages when sending to yahoo
>
> 2014-01-15 10:49:55 1W3O2j-0002iY-Mv TLS error on connection to
> mta5.am0.yahoodns.net [98.138.112.34] (gnutls_handshake): The
> Diffie-Hellman prime sent by the server is not acceptable (not long enough)

There is a line in src/ssl-gnu.c:

#define EXIM_CLIENT_DH_MIN_BITS 1024

Apparently some (all?) servers at yahoo are using gnutls with a lower
setting. You might be able to override this and rebuild exim (though that's
not advised, you'll create problems for people sending to you). This is not a
runtime setting, only build time.

> After some googling I thought maybe my self signed TLS key was not strong
> enough and so regenerated it with -

Nah, it's not your key with the problem, it's the other side.

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
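Added example, not part of the reply above or of Exim's code: a small Python triage script that reads Exim mainlog lines in the format quoted in the thread and counts, per remote MX, how many outbound handshakes were rejected because the server's Diffie-Hellman prime fell below the client minimum. The function names are hypothetical, and every sample line except the first (the one quoted in the thread) is constructed.

```python
import re
from collections import Counter

# Exim mainlog line for a failed outbound TLS handshake, as quoted in the thread.
TLS_ERR = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) )?"
    r"TLS error on connection to (?P<host>\S+) \[(?P<ip>[^\]]+)\] "
    r"\((?P<func>[^)]+)\): (?P<error>.*)$"
)
DH_SHORT = "Diffie-Hellman prime sent by the server is not acceptable"

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "2014-01-15 10:49:55 1W3O2j-0002iY-Mv TLS error on connection to "
    "mta5.am0.yahoodns.net [98.138.112.34] (gnutls_handshake): The "
    "Diffie-Hellman prime sent by the server is not acceptable (not long enough)",
    "2014-01-15 10:50:02 1W3O2k-0002ia-Qx TLS error on connection to "
    "mx.example.net [192.0.2.25] (gnutls_handshake): The "
    "Diffie-Hellman prime sent by the server is not acceptable (not long enough)",
    "2014-01-15 10:50:07 1W3O2m-0002ic-Ab TLS error on connection to "
    "mx.example.net [192.0.2.25] (gnutls_handshake): The "
    "Diffie-Hellman prime sent by the server is not acceptable (not long enough)",
    # A different handshake failure: must be parsed but not counted as a DH issue.
    "2014-01-15 10:51:10 1W3O2n-0002ie-Cd TLS error on connection to "
    "mail.example.org [198.51.100.7] (gnutls_handshake): "
    "A TLS packet with unexpected length was received.",
    # An ordinary delivery line: must be ignored entirely.
    "2014-01-15 10:52:00 1W3O2p-0002ig-Ef => user@example.com R=dnslookup "
    "T=remote_smtp H=mx.example.com [203.0.113.9]",
]


def parse_tls_errors(lines):
    """Return one dict per 'TLS error on connection to' line; skip everything else."""
    return [m.groupdict() for m in map(TLS_ERR.match, lines) if m]


def dh_too_short_by_host(lines):
    """Count rejected-DH-prime handshakes per (host, ip) remote MX."""
    return Counter(
        (e["host"], e["ip"]) for e in parse_tls_errors(lines) if DH_SHORT in e["error"]
    )


if __name__ == "__main__":
    for (host, ip), n in dh_too_short_by_host(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {host} [{ip}]")
```

Every host it lists is a remote server, which matches the point made in the reply: the local certificate or key does not appear in this failure.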
