On Wed, Nov 17, 2021 at 07:24:02AM +0000, Claus Assmann wrote:
> On Wed, Nov 17, 2021, Andrew D. Arenson wrote:
>
> > Oct 21 19:52:35 redsolar sm-mta[1465905]: STARTTLS=client, error:
> > connect failed=-1, reason=dh key too small, SSL_error=1, errno=0,
>
> It seems your sendmail version is a bit old? Check your favorite
> search engine... you need to generate a larger DH key - how to do
> that depends on your OS (or maybe update sendmail or disable DH?)
My sendmail version is 8.15.2-18. The most current version is 8.17.1 .
I'm having a hard time getting a sense of how old my version is, but it's what
Ubuntu offers, so I wouldn't guess it was that old.
I've attempted to follow instructions I found for configuring sendmail
to use a 2048 bit dh key, but it's had seemingly no effect:
# openssl dhparam -out /etc/pki/tls/certs/dhparams.pem 2048
# cd /etc/mail
# (edit sendmail.mc)
LOCAL_CONFIG
O CipherList=HIGH:!ADH
O DHParameters=/etc/pki/tls/certs/dhparams.pem
# make
# /etc/init.d/sendmail reload
If the problem has nothing to do with mutt, than I'll certainly
understand if this isn't the place to keep asking for more help. If anyone has
further advice, I'm happy to hear it.
Andy
--
Andrew D. Arenson (he/him) H 317.964.0493
arenson (at) spatzel.net C 317.679.4669
