Re: [qmailtoaster] DH too small suggestions?

[Eric Broch]

I had another toaster user do the following

# cd /var/qmail/control
# cp -p tlsserverciphers tlsserverciphers.bak

# echo 
'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:DEFAULT@SECLEVEL=1:HIGH:!DH:!aNULL' 
>  tlsserverciphers

# qmailctl stop

# qmailctl start

Mail delivered properly.

It might be worth a try to change SECLEVEL=1 to SECLEVEL=2 for greater 
security:

# echo 
'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:DEFAULT@SECLEVEL=2:HIGH:!DH:!aNULL' 
>  tlsserverciphers

Eric

On 11/13/2024 1:30 AM, pe...@peterse-uithuizen.com wrote:
In my case the cause was that I removed some DH (Diffy Hellman) 
cyphers, probably to much to be good ;-)
Restore to the old cypher config fixed the error:
TLS connect failed: error:0A00018A:SSL routines::dh key too small; 
connected to xx.yy.zz.213.

Peter

Chris Knight schreef op 2024-11-13 04:24:
Can you expand on what that means, and how you fixed it?

Thanks!

-Chris

On Nov 13, 2024, at 7:28 AM, Remo Mattei <r...@mattei.org> wrote:

Hello guys, I solved the issue there was a mismatch on one of the 
domain name.

Remo

On Nov 12, 2024, at 08:02, Remo Mattei <r...@mattei.org> wrote:

Hello guys any suggestions on this?

deferral: 
TLS_connect_failed:_error:0A00018A:SSL_routines::dh_key_too_small;_connected_to_217.182.248.176./

Thanks,

I generated a new key of 4096 but still got this error.

Remo
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com