Re: [exim] TLS packets error

Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] TLS packets error
On 2016-04-01, Fundemap S.A. - Sergio Sánchez <administracion3@???> wrote:
> Hi,
> I'm having tls errors like this:
> TLS error on connection to mail.xxxx1.com.ar [ip] (gnutls_handshake):
> The Diffie-Hellman prime sent by the server is not acceptable (not long
> enough).
> TLS error on connection from mail.xxxx2.com.ar (nameserver) [ip]
> (gnutls_handshake): A record packet with illegal version was received.


By my somewhat limited understanding of encryption it seems that the
remote end of the TLS link is trying to use an insecure encryption
scheme.

Could be old software on the destination server, could be a man-in-the-middle TLS
downgrade attack.

Perhaps confirm this using "openssl" and then contact postmaster at the remote end
and let them know.

Alternatively you could ask the sender for permission to turn off encryption for
that destination.

--
\_(ツ)_
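
Added example, not part of the original message: one way to do the openssl check suggested above is to read the "Server Temp Key" line that `openssl s_client` prints and compare the Diffie-Hellman size against a minimum. The host name, the thresholds and the sample output below are constructed placeholders.

```shell
#!/bin/sh
# Live use (mail.example.org is a placeholder host):
#   openssl s_client -starttls smtp -connect mail.example.org:25 \
#       -tls1_2 -cipher DHE </dev/null 2>/dev/null | check_dh 2048

# Print the size in bits of the server's ephemeral DH key, or nothing when
# the output has no finite-field DH key (ECDH/X25519, or a failed handshake).
dh_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*$/\1/p' | head -n 1
}

# check_dh MIN: return 0 if DH >= MIN bits, 1 if smaller, 2 if no DH key seen.
check_dh() {
    min=$1
    bits=$(dh_bits)
    if [ -z "$bits" ]; then
        echo "no DH temp key in output"
        return 2
    fi
    if [ "$bits" -lt "$min" ]; then
        echo "weak: DH $bits bits < $min"
        return 1
    fi
    echo "ok: DH $bits bits"
    return 0
}

# Constructed samples of the relevant s_client lines (not from a real server).
SAMPLE_WEAK='Server Temp Key: DH, 768 bits
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit'

SAMPLE_ECDH='Server Temp Key: X25519, 253 bits
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit'

# Demo run on the constructed samples; "|| true" keeps the script going
# after a non-zero result.
printf '%s\n' "$SAMPLE_WEAK" | check_dh 1024 || true
printf '%s\n' "$SAMPLE_ECDH" | check_dh 1024 || true
```

A local openssl that itself refuses the small key aborts the handshake before printing a "Server Temp Key" line, so a result of 2 needs a look at the s_client error text as well.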