On 23 Jan 2020, at 18:01, John Covici via mailop wrote:

Hi.  I am using sendmail from my own server and using a virtual
machine in the cloud as a relay.  That machine all of a sudden several
days ago keeps getting a message saying
Jan 23 17:51:33 debian-2 sm-mta[7625]: STARTTLS=client, error: connect
failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1

Now, in my sendmail.mc (included from starttls.m4) I have
define(`confDH_PARAMETERS',   `/etc/mail/tls/sendmail-common.prm')dnl
# <= EDIT and I made sure that the file was regenerated with 2046 bits
by doing
openssl dhparam -out  /etc/mail/tls/sendmail-common.prm  2048
So, what the heck is happening, why do at least some sites say the dh
key is too small?

Thanks in advance for any suggestions.

In case you have not done so already, actually LOOK at that file. It should be a PEM-format file containing:

-----BEGIN DH PARAMETERS-----
[6x64-character lines of Base64, last line partial]
-----END DH PARAMETERS-----

Also check the size (424 bytes), permissions (must be readable by whatever user Sendmail runs as), and if you're using SELinux, make sure it has the correct file context label. And make sure that name is right: did you actually use the ".prm" filename extension in creating it and in your sendmail.mc?

Often the problem with arcane technical issues is actually in the simplest external details...

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)
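
The file checks suggested in the reply above, as an added Python example that is not part of the original thread: it parses the PEM block, reads the prime out of the DER structure and reports its bit length, and flags a missing or unreadable file. The function names are hypothetical, and `sample_pem` builds a constructed placeholder of the right size (not a real prime) so the example runs offline.

```python
import base64, os, re

PEM_RE = re.compile(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)

def _der(tag, body):
    """Encode one DER element (short or long length form)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def _der_int(v):
    # One extra byte whenever the top bit would be set, so the INTEGER stays positive.
    return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def sample_pem(bits):
    """Constructed test input: p is a placeholder of the right size, NOT a real prime."""
    der = _der(0x30, _der_int((1 << (bits - 1)) | 1) + _der_int(2))
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN DH PARAMETERS-----\n{body}\n-----END DH PARAMETERS-----\n"

def _read(der, i, tag):
    """Return (content, next_index) of the DER element at der[i], checking its tag."""
    if der[i] != tag:
        raise ValueError(f"unexpected DER tag 0x{der[i]:02x}")
    n, i = der[i + 1], i + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, i = int.from_bytes(der[i:i + k], "big"), i + k
    return der[i:i + n], i + n

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a DH PARAMETERS PEM block (SEQUENCE { p, g })."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no DH PARAMETERS block")
    seq, _ = _read(base64.b64decode("".join(m.group(1).split())), 0, 0x30)
    p, _ = _read(seq, 0, 0x02)
    return int.from_bytes(p, "big").bit_length()

def check_dh_file(path, min_bits=2048):
    """Return a list of problems; an empty list means the file passed every check."""
    if not os.access(path, os.R_OK):  # tests the current user only
        return [f"{path}: missing or unreadable"]
    with open(path) as f:
        text = f.read()
    try:
        bits = dh_prime_bits(text)
    except (ValueError, IndexError) as e:  # bad Base64 also raises a ValueError subclass
        return [f"{path}: not a valid DH parameter file ({e})"]
    return [f"{path}: prime is {bits} bits, want >= {min_bits}"] if bits < min_bits else []
```

Run `check_dh_file` as the user Sendmail runs as, since the readability test applies to whoever executes it. `openssl dhparam -in FILE -text -noout` gives an independent reading of the same bit length.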
