On Wed, Jan 15, 2014 at 3:02 AM, Oliver Howe <ojhowe@???> wrote: > I've recently started seeing these error messages when sending to yahoo
>
> 2014-01-15 10:49:55 1W3O2j-0002iY-Mv TLS error on connection to
> mta5.am0.yahoodns.net [98.138.112.34] (gnutls_handshake): The
> Diffie-Hellman prime sent by the server is not acceptable (not long enough)
There is a line in src/ssl-gnu.c:
#define EXIM_CLIENT_DH_MIN_BITS 1024
Apparently some (all?) servers at yahoo are using gnutls with a lower
setting. You might be able to override this and rebuild exim (though
that's not advised, you'll create problems for people sending to you).
This is not a runtime setting, only build time.
> After some googling I thought maybe my self signed TLS key was not strong
> enough and so regenerated it with -
Nah, it's not your key with the problem, it's the other side.
...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
