On Mon, Nov 18, 2013 at 10:53:19AM +0100, Andreas Schulze wrote:
> >On the other hand, some Exim MTA SMTP clients (patched by a
> >well-meaning, but under-informed Debian maintainer) don't support
> >DH primes shorter than 2048 bits.
>
> I had trouble to receive messages from those sites too.
>
> I changed smtpd_tls_dh1024_param_file to use a 2k dh key at the mx server.
> That solved the problem ...
Any evidence of other legitimate MTAs that now routinely fail TLS
handshakes?
I don't believe that the rather minimal TLS stack on Windows 2003
supports any EDH ciphersuites, so old Microsoft Exchange versions
are probably unaffected.
Similarly, no MTAs using OpenSSL or GnuTLS have such a limit, thus
Sendmail, Exim and Qmail patched with TLS support are fine.
The historical upper-bound on prime-DH sizes in NSS (the PKI stack
in Netscape and then Firefox, ...) is 2236 bits. Thus 2048-bits
should interoperate with Oracle Communications Messaging Server.
https://bugzilla.mozilla.org/show_bug.cgi?id=636802
This leaves email from the large consumer email providers (Gmail,
Hotmail, Yahoo, AOL), various vendor border SMTP appliances and
various telco ISP email systems.
Is there any evidence of inbound TLS handshake failures from any
MTAs in the last group that is possibly related to interoperability
issues with 2048 bit EDH?
--
Viktor.
