Hi,

Canonical have decided to ship Ubuntu with an openssl binary compiled with the seclevel option set to 2 as default:

"Security level set to 112 bits of security. As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using RC4 is also prohibited. SSL version 3 is also not allowed. Compression is disabled."

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1864689
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

This might have some implications for anyone running a mail server on Ubuntu, as SMTP delivery to recipients with a "legacy" SSL configuration will break with SSL errors like for example:

"SSL routines:tls_process_ske_dhe:dh key too small"

Just thought I'd spare others some troubleshooting in case you run into this, and see if anyone else has any thoughts on it. :)

--
BR/Mvh. Dan Malm, Systems Engineer, One.com
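
Added example, not part of the original message: a Python log triage that lists which remote MX hosts are being rejected by the OpenSSL security level, so the impact can be measured before any policy is changed. It assumes Postfix as the MTA and its usual two-line logging of a failed handshake; the function name, host names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSL reason strings raised by security-level checks on keys and digests.
SECLEVEL_REASONS = ("dh key too small", "ee key too small",
                    "ca key too small", "ca md too weak")

# Postfix logs the peer on one line and the OpenSSL error on the next line
# written by the same smtp client process, so the two are correlated by pid.
CONNECT_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: SSL_connect error to ([^\[\s]+)\[([^\]]+)\]")
# The function field is empty in OpenSSL 3 error strings, hence [^:]*.
TLSLIB_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: warning: TLS library problem: "
    r"error:[0-9A-Fa-f]+:SSL routines:[^:]*:([^:]+):")

def seclevel_failures(lines):
    """Return {remote host: {reason: count}} for security-level rejections."""
    last_peer = {}  # pid -> host of that process's most recent failed handshake
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = CONNECT_RE.search(line)
        if m:
            last_peer[m.group(1)] = m.group(2)
            continue
        m = TLSLIB_RE.search(line)
        if m and m.group(2) in SECLEVEL_REASONS:
            hits[last_peer.get(m.group(1), "<unknown>")][m.group(2)] += 1
    return {host: dict(reasons) for host, reasons in hits.items()}

# Constructed sample: two interleaved smtp processes, one unrelated TLS error.
SAMPLE_LOG = """\
May 12 10:01:02 mail postfix/smtp[2101]: SSL_connect error to mx.legacy.example[192.0.2.10]:25: -1
May 12 10:01:02 mail postfix/smtp[2207]: SSL_connect error to mail.other.example[198.51.100.7]:25: -1
May 12 10:01:02 mail postfix/smtp[2101]: warning: TLS library problem: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2157:
May 12 10:01:02 mail postfix/smtp[2207]: warning: TLS library problem: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915:
May 12 10:05:40 mail postfix/smtp[2101]: SSL_connect error to mx.legacy.example[192.0.2.10]:25: -1
May 12 10:05:40 mail postfix/smtp[2101]: warning: TLS library problem: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2157:
""".splitlines()

if __name__ == "__main__":
    for host, reasons in seclevel_failures(SAMPLE_LOG).items():
        print(host, reasons)
```

The per-host result shows whether the breakage is limited to a few legacy recipients, which is the information needed to decide between contacting those operators and scoping any exception to them rather than lowering the level system-wide.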
