On Tue, Aug 28, 2018 at 09:53:58AM -0300, Antonio Terceiro wrote: > On Thu, Aug 23, 2018 at 03:24:52PM -0600, dann frazier wrote: > > Package: bip > > Version: 0.8.9-1.1 > > Severity: normal > > Tags: patch > > > > I run bip on a stretch system, and connect to it from a hexchat client on > > sid. After a recent upgrade of the client, which pulled in openssl 1.1, > > hexchat began failing to connect to my server with the message: > > > > error:141a318a:ssl routines:tls_process_ske_dhe:dh key too small > > > > I found that backporting bip 0.9.0~rc3-1 to jessie worked. I further found > > that just cherry-picking the following commit back to bip 0.8.9 seems to be > > sufficient: > > > > 39414f8 Handle OpenSSL version 1.1 > > I just tried backporting commit 39414f8 to the bip version in stretch, > and it doesn't really fix the issue. There is probably some other commit > that is needed.
I literally poked that patch into debian/patches{/series}, quilt applied it and rebuilt, and it started working for me. Maybe there's something different about our configs?