Loading ...
Sorry, an error occurred while loading the content.

296703Re: Diffie-Hellman parameters

Expand Messages
  • Viktor Dukhovni
    Nov 18 6:16 AM
    • 0 Attachment
      On Mon, Nov 18, 2013 at 10:53:19AM +0100, Andreas Schulze wrote:

      > >On the other hand, some Exim MTA SMTP clients (patched by a
      > >well-meaning, but under-informed Debian maintainer) don't support
      > >DH primes shorter than 2048 bits.
      > I had trouble to receive messages from those sites too.
      > I changed smtpd_tls_dh1024_param_file to use a 2k dh key at the mx server.
      > That solved the problem ...

      Any evidence of other legitimate MTAs that now routinely fail TLS

      I don't believe that the rather minimal TLS stack on Windows 2003
      supports any EDH ciphersuites, so old Microsoft Exchange versions
      are probably unaffected.

      Similarly, no MTAs using OpenSSL or GnuTLS have such a limit, thus
      Sendmail, Exim and Qmail patched with TLS support are fine.

      The historical upper-bound on prime-DH sizes in NSS (the PKI stack
      in Netscape and then Firefox, ...) is 2236 bits. Thus 2048-bits
      should interoperate with Oracle Communications Messaging Server.


      This leaves email from the large consumer email providers (Gmail,
      Hotmail, Yahoo, AOL), various vendor border SMTP appliances and
      various telco ISP email systems.

      Is there any evidence of inbound TLS handshake failures from any
      MTAs in the last group that is possibly related to interoperability
      issues with 2048 bit EDH?

    • Show all 8 messages in this topic