Infrastructure | TLS configuration problem on smtp.gnome.org: "dh key too small" (#189)

From: Bjørn Mork <gitlab-issues gnome org>
To: gnome-infrastructure gnome org
Subject: Infrastructure | TLS configuration problem on smtp.gnome.org: "dh key too small" (#189)
Date: Thu, 03 Oct 2019 14:58:36 +0000

Title: GitLab

Bjørn Mork created an issue:

This causes mail delivery problems with modern TLS clients. The issue is easy to reproduce with openssl 1.1:

bjorn@canardo:~$ openssl s_client -connect smtp.gnome.org:25 -starttls smtp -quiet depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = gnome.org verify return:1 140507914929280:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2150:

Follow-Ups:
- Re: Infrastructure | TLS configuration problem on smtp.gnome.org: "dh key too small" (#189)
  - From: Andrea Veri
- Re: Infrastructure | TLS configuration problem on smtp.gnome.org: "dh key too small" (#189)
  - From: Bartłomiej Piotrowski
- Re: Infrastructure | TLS configuration problem on smtp.gnome.org: "dh key too small" (#189)
  - From: Bartłomiej Piotrowski

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]