On 6/18/2015 10:43 AM, Claus Assmann wrote:
> On Thu, Jun 18, 2015, Mike Tancsa wrote:
>
>> But we also have been seeing the odd site that cannot accept mail now
>> with opportunistic encryption, so we had to disable TLS for them :(
>
> Do you have a list of those?
> Are those sites having problems with larger DH primes?
Actually, Looking at the error message, I guess its on our end.
STARTTLS=client, error: connect failed=-1, reason=dh key too small,
SSL_error=1, errno=0, retry=-1
I added
define(`confDH_PARAMETERS', `2')
to this particular server
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
