
Re: error about TLS when sending mail



* Chengqi(Lars) Song on Thursday, April 30, 2009 at 21:12:12 +0800
> I always get this message when sending mail:
> 
>  Apr 30 20:24:19 host=smtp.abc.com tls=on auth=on user=lars from=lars@xxxxxxx 
> recipients=larsGG.tospace@xxxxxxx errormsg='TLS handshake failed: The Diffie 
> Hellman prime sent by the server is not acceptable (not long enough).' 
> exitcode=EX_PROTOCOL
> 
> The domain name is substituted with abc.com for privacy.
> 
> When I use other msmtp servers there is nothing wrong. Only the 'abc.com' has 
> this problem. How can I fix it?
                   ^^^^^
In case this means that you're using msmtp, this is an msmtp and
not a mutt question ;-) I seem to remember encountering something
similar when using msmtp though.

From man msmtp:

--tls-min-dh-prime-bits=[bits]
     Set or unset minimum bit size of the Diffie-Hellman (DH) prime. See the
     tls_min_dh_prime_bits command below.

[...]


tls_min_dh_prime_bits [bits]
     Set or unset the minimum number of Diffie-Hellman (DH) prime bits that msmtp
     will accept for TLS sessions. The default is set by the TLS library and can
     be selected by using an empty argument to this command. Only lower the
     default (for example to 512 bits) if there is no other way to make TLS work
     with the remote server.


Setting

tls_min_dh_prime_bits 512

in my msmtprc helped me overcome the problem, perhaps the same
holds true for you.

c
-- 
  Was heißt hier Dogma, ich bin Underdogma!
[ What the hell do you mean dogma, I am underdogma. ]
_F R E E_  _V I D E O S_  http://www.blacktrash.org/underdogma/
                          http://www.blacktrash.org/underdogma/index-en.html
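
Added example, not part of the original message and not msmtp's own code: a small Python audit that reads an msmtprc and lists every account whose effective tls_min_dh_prime_bits is below a chosen floor, including accounts that pick the value up from a defaults section or a parent account. The 2048-bit floor, the simplified parsing and the sample file are assumptions made for the illustration.

```python
import sys

# Constructed sample msmtprc (not from the thread). smtp.abc.com is the
# placeholder host used in the thread; the other names are made up.
SAMPLE_MSMTPRC = """\
# relaxed in defaults: applies to every account defined after this point
defaults
tls on
tls_min_dh_prime_bits 512

account legacy
host smtp.abc.com

account other
host smtp.example.org

# an empty argument selects the TLS library default again
account strict : other
host smtp.example.net
tls_min_dh_prime_bits
"""

def effective_settings(text):
    """Return {account: {"host": ..., "bits": int or None}} after inheritance."""
    defaults, accounts = {}, {}
    current = defaults
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "defaults":
            current = defaults
        elif key == "account":
            # "account name : parent1,parent2" copies the parents' settings
            name, _, parents = arg.partition(":")
            current = dict(defaults)
            for parent in filter(None, (p.strip() for p in parents.split(","))):
                current.update(accounts.get(parent, {}))
            accounts[name.strip()] = current
        elif key == "host":
            current["host"] = arg
        elif key == "tls_min_dh_prime_bits":
            current["bits"] = int(arg) if arg else None  # None = library default
    return accounts

def weak_accounts(text, minimum=2048):
    """List (account, host, bits) where the configured minimum is below the floor."""
    found = []
    for name, cfg in sorted(effective_settings(text).items()):
        bits = cfg.get("bits")
        if bits is not None and bits < minimum:
            found.append((name, cfg.get("host"), bits))
    return found

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MSMTPRC
    for name, host, bits in weak_accounts(text):
        print(f"{name}: host={host} tls_min_dh_prime_bits={bits}")
```

Placing the directive under the one account that needs it, rather than under defaults, keeps the lowered minimum from applying to the other servers in the file.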