On Thu, Jan 23, 2020, John Covici via mailop wrote:

> Jan 23 17:51:33 debian-2 sm-mta[7625]: STARTTLS=client, error: connect
> failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1

AFAICT it's the key from "the other side" that openssl is complaining
about -- did you recently upgrade it?

You could disable the DHE ciphers, e.g. something like this
(note: you have to "match" this with your openssl version
and the ciphers it supports):

O CipherList=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES128-SHA:DES-CBC3-SHA

Note that that must be one very long line.
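
The point above about matching the list to the local OpenSSL can be checked mechanically. This is an added example, not part of the original message: it asks the OpenSSL that Python's `ssl` module is linked against (assumed here to be the same library sendmail uses) which entries it offers, and flags any finite-field DHE suites left in the list; `local_kx` and `audit` are hypothetical helper names.

```python
import ssl

# Cipher list copied from the message above (the value of sendmail's CipherList option).
CIPHER_LIST = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES256-SHA:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES128-SHA:DES-CBC3-SHA"
)


def local_kx(name):
    """Key exchange the local OpenSSL reports for one suite, or None if not offered."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(name)
    except ssl.SSLError:  # "No cipher can be selected": unknown or compiled out
        return None
    # TLS 1.3 suites are always listed as well, so match on the exact name.
    for cipher in ctx.get_ciphers():
        if cipher["name"] == name:
            return cipher.get("kea") or "unknown"
    return None


def audit(cipher_list):
    """Split a colon-separated list into locally unsupported and finite-field DHE entries."""
    unsupported, dhe = [], []
    for name in filter(None, cipher_list.split(":")):
        kx = local_kx(name)
        if kx is None:
            unsupported.append(name)
        # Fall back to the OpenSSL naming convention when the suite is not offered locally.
        if kx == "kx-dhe" or name.startswith(("DHE-", "EDH-")):
            dhe.append(name)
    return {"unsupported": unsupported, "dhe": dhe}


if __name__ == "__main__":
    result = audit(CIPHER_LIST)
    print("linked against:", ssl.OPENSSL_VERSION)
    print("not offered by this OpenSSL:", result["unsupported"] or "none")
    print("finite-field DHE still present:", result["dhe"] or "none")
```

Entries reported as not offered can be dropped from the list; which ones those are depends on the OpenSSL build.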
