Note that Gmail announced dropping support for ssl3/rc4 in 2015 (https://security.googleblog.com/2015/09/disabling-sslv3-and-rc4.html) and actually did it in 2016... and the hosts that were using it prior to that were a small fraction.

Does the above mean that DKIM keys less than 2048 will fail? That's likely the larger issue.

Brandon

On Wed, Jan 6, 2021 at 5:27 AM Dan Malm via mailop <mailop@mailop.org> wrote:

> Hi,
>
> Canonical have decided to ship Ubuntu with an openssl
> binary compiled with the seclevel option set to 2 as default:
>
> "Security level set to 112 bits of security. As a result RSA, DSA and DH
> keys shorter than 2048 bits and ECC keys shorter than 224 bits are
> prohibited. In addition to the level 1 exclusions any cipher suite using
> RC4 is also prohibited. SSL version 3 is also not allowed. Compression
> is disabled."
>
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1864689
>
> https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
>
> This might have some implications for anyone running a mail server on
> Ubuntu as smtp delivery to recipients with a "legacy" SSL configuration
> will break with SSL errors like for example: "SSL
> routines:tls_process_ske_dhe:dh key too small"
>
> Just thought I'd spare others some troubleshooting in case you run into
> this, and see if anyone else has any thoughts on it. :)
>
> --
> BR/Mvh. Dan Malm, Systems Engineer, One.com
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
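
Added example, not part of the original thread: a Python triage pass over Postfix smtp client logs that counts, per destination host, the TLS failures caused by the security level 2 key-size floor quoted above (such as "dh key too small"). The log layout, the sample lines, the host names and the reason strings other than "dh key too small" are assumptions, not taken from the thread.

```python
import re
from collections import Counter

# Constructed sample lines modelled on Postfix smtp client logging (assumed layout);
# host names and addresses are documentation placeholders.
SAMPLE_LOG = """\
Jan  6 05:12:01 mx1 postfix/smtp[2101]: SSL_connect error to legacy.example.net[192.0.2.10]:25: -1
Jan  6 05:12:01 mx1 postfix/smtp[2101]: warning: TLS library problem: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2150:
Jan  6 05:12:03 mx1 postfix/smtp[2102]: SSL_connect error to mail.example.org[198.51.100.7]:25: Connection timed out
Jan  6 05:12:09 mx1 postfix/smtp[2107]: SSL_connect error to old.example.com[203.0.113.5]:25: -1
Jan  6 05:12:09 mx1 postfix/smtp[2107]: warning: TLS library problem: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915:
Jan  6 05:13:30 mx1 postfix/smtp[2110]: SSL_connect error to legacy.example.net[192.0.2.10]:25: -1
Jan  6 05:13:30 mx1 postfix/smtp[2110]: warning: TLS library problem: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2150:
"""

# OpenSSL reason strings tied to the security-level key/digest floor.
# Only "dh key too small" appears in the thread; the others are added here.
SECLEVEL_REASONS = {"dh key too small", "ee key too small",
                    "ca key too small", "ca md too weak"}

CONNECT_RE = re.compile(r"postfix/smtp\[(\d+)\]: SSL_connect error to ([^\[\s]+)\[")
# The function-name field may be empty (newer OpenSSL prints "SSL routines::reason").
PROBLEM_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: warning: TLS library problem: "
    r"error:[0-9A-Fa-f]+:SSL routines:[^:]*:([^:]+):")

def seclevel_failures(log_text):
    """Count (destination host, reason) pairs for security-level handshake failures."""
    pending = {}      # smtp process id -> host of its most recent SSL_connect error
    hits = Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            pending[m.group(1)] = m.group(2)
            continue
        m = PROBLEM_RE.search(line)
        if m:
            # Pair the library error with the connect error logged by the same process.
            host = pending.pop(m.group(1), "(unknown host)")
            if m.group(2) in SECLEVEL_REASONS:
                hits[(host, m.group(2))] += 1
    return hits

if __name__ == "__main__":
    for (host, reason), count in seclevel_failures(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {host}  {reason}")
```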