Tomasz Żok <[email protected]> writes:
[...] >> ERROR: Unknown SSL protocol connecting to host >> 'bbs.cybervalley.org' for repository 'RemotoBBs'. OpenSSL responded: >> [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:590) >> >> (...) >> >> What could be the error? > > OpenSSL has issued a change to protect from known vulnerability. You can > read more here: > https://weakdh.org/ > https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ [...] > dh key. > > You can check if your IMAP server is vulnerable with the command: > $ openssl s_client -connect $SERVER:imaps -cipher "EDH" | grep > "Server Temp Key" > Where $SERVER is the hostname of your IMAP server. If the result shows > 768 bits or less then OpenSSL (and OfflineIMAP effectively) will refuse > to connect. Soon, 1024 bits will also be treated as too weak and > refused. Server Temp Key: DH, 768 bits Ok, it's clear! > I think in this situation, only the IMAP server admin can aid. Even if > there were some action possible on the client side, it would be at > a cost of lower security. I am the admin of server (it is in my house) and I can do what I can/like because it is a family server. I use courier as imap sever for many years and I would not change but I tried to use a certificate from letsencrypt project but it gives some error. P.S.: thanks a lot for explanation! -- leandro Scegli sempre un'idea che ti permetta poi di cambiarla http://6xukrlqedfabdjrb.onion
signature.asc
Description: PGP signature
_______________________________________________ OfflineIMAP-project mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project OfflineIMAP homepages: - https://github.com/OfflineIMAP - http://offlineimap.org
