Re: [exim] Diffie-Hellman?

Author: Oliver Howe
Date:  
To: exim-users
Subject: Re: [exim] Diffie-Hellman?
I'm running Exim 4.76 on Ubuntu server 12.

I presume this issue will go away if I install the latest version of Exim
as it looks like the dh_min_bits was released in 4.80, according to
https://lists.exim.org/lurker/message/20120601.101708.8a0ac655.en.html




On Wed, Jan 15, 2014 at 10:36 PM, Viktor Dukhovni
<exim-users@???> wrote:

> On Wed, Jan 15, 2014 at 01:07:09PM -0800, Todd Lyons wrote:
>
> > (Not) funny. I was wrong on BOTH counts. It is a runtime
> > configuration and it is the user's problem. I guess I have been
> > fortunate enough to have only ever used OpenSSL because it has always
> > just worked without need for tweaking.
>
> Note, some Debian releases patched Exim to make it "more secure",
> thereby breaking TLS handshakes with most servers, and making Exim
> less secure when Exim falls back to cleartext delivery. The OP
> may well have one of the "improved" Debian Exim versions.
>
> This has been discussed on either Exim-dev or Exim-users before.
> It is also documented in
>
>     http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs
>
> near the bottom of that section. This motivated the recommendation
> for Postfix administrators to create 2048-bit DHE parameter files.
>
> --
>         Viktor.
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>