Viktor Dukhovni:
iutax.de.pri-mx.eu0105.smtproutes.com[94.186.192.102]:25
Yes, this server has a 768-bit DH key.
a larger email service provider :-/
see https://www.robtex.com/en/advisory/ip/94/186/192/102/
The 1024-bit lower limit is enforced internally by the OpenSSL
library and cannot be reduced.
thanks for clarification
The systems have different OpenSSL libraries, and in particular at
least one of them has not deployed all of the most recent OpenSSL
security updates.
looks like Debian Jessie (stable) still accepts weak DH keys
As mentioned we see numerous domains with the same broken MX.
I have to list them one by one in the transport table
or did I forget a cool configuration to catch any destination domain
with this specific MX?
Andreas
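
Added example, not part of the original message: one way to generate the one-by-one transport table entries from MX lookups instead of typing them by hand. The input is constructed sample text in `dig +noall +answer` layout; the domain names and the transport name `weakdh` are hypothetical placeholders, and only the MX host name comes from the thread.

```python
"""Build Postfix transport(5) entries for every domain served by a given MX."""

# Constructed sample: MX answers in `dig +noall +answer <domain> MX` layout.
# The domain names are placeholders; only the MX host comes from the thread.
SAMPLE_MX_ANSWERS = """\
example.org.      3600 IN MX 10 iutax.de.pri-mx.eu0105.smtproutes.com.
example.net.      3600 IN MX 10 mail.example.net.
example.com.      300  IN MX 5  IUTAX.de.pri-mx.eu0105.smtproutes.com.
example.com.      300  IN MX 20 backup.example.com.
; comment line
example.edu.      3600 IN CNAME other.example.edu.
"""

BROKEN_MX = "iutax.de.pri-mx.eu0105.smtproutes.com"
# Hypothetical transport name; it must match a service defined in master.cf.
TRANSPORT = "weakdh:"


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_mx_answers(text):
    """Return {domain: set(mx hosts)} from dig-style answer lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip comments and anything that is not "owner ttl class type pref target".
        if line.lstrip().startswith(";") or len(fields) != 6:
            continue
        owner, _ttl, rclass, rtype, pref, target = fields
        if rclass.upper() != "IN" or rtype.upper() != "MX" or not pref.isdigit():
            continue
        records.setdefault(normalize(owner), set()).add(normalize(target))
    return records


def transport_entries(text, broken_mx=BROKEN_MX, transport=TRANSPORT):
    """Return sorted transport table lines for domains that use broken_mx."""
    wanted = normalize(broken_mx)
    hits = [d for d, hosts in parse_mx_answers(text).items() if wanted in hosts]
    return [f"{domain}\t{transport}" for domain in sorted(hits)]


if __name__ == "__main__":
    print("\n".join(transport_entries(SAMPLE_MX_ANSWERS)))
```

A domain is listed as soon as any one of its MX hosts is the broken one, so a domain with a working backup MX is still routed through the special transport.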