Source: exim4 Version: 4.80-2 Severity: important This breaks relaying to my smarthost which requires secure authentication, but apparently doesn't have the new required DH size of 2048.
from /var/log/exim4/mainlog: 2012-06-07 11:57:56 1Schu8-0005cQ-SD <= kevmi...@math.sfu.ca U=kevmitch P=local S=472 id=20120607185756.ga21...@math.sfu.ca 2012-06-07 11:58:02 1Schu8-0005cQ-SD TLS error on connection to pobox.sfu.ca [142.58.101.28] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough). Maybe a key shorter than 2048 is "insecure", but most people (myself included) are not in a position to "fix" their smarthost. This wouldn't be so bad as a default, except that as far as I can tell, there is no way to configure it short of recompiling without 66_enlarge-dh-parameters-size.dpatch. I would recommend either dropping the patch or adding a runtime configuation option. Kevin -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (600, 'unstable'), (500, 'testing'), (400, 'stable'), (300, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.4.1.01 (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
