Re: kmail and reportbug problem - error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
- Date: Tue, 30 Oct 2018 15:24:50 +0100
- From: Hans <hans.ullrich@xxxxxxx>
- Subject: Re: kmail and reportbug problem - error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
thanks for your help! It helped really!
Downgrading to the former version was not possible, due to the dependencies
and meanwhile missing packages in the repo.
So I decided to do the second way: Installing the libssl packages from
unstable, then editing /etc/ssl/openssl.cnf like advised in the NEWS.Debian.gz
This is working, however, if Microsoft, Apple, Google and so on are changing
their policies in 2020, IMO the changes in libssl are apppearing a little bit
early, I think.
Maybe the default conf should be overwritten with defaultz entries described
in NEWS.Debian.gz. This would minimize conbfusion. And in 2020 peoplöe can
change the entry then...
For me, at the moment, this problem is solved, but you should not close your
files bugreport, as the problemn generally is not fixed.
Again, thanks for your help, it pointes me straight to the correct direction.
Best regards and happy hacking!
> likely it was libssl1.1 upgrade which made TLS1.2 the minimum
> version, but i'm not familiar with kmail at all so perhaps there
> is some setting in there that needs to be adjusted.
> for me mutt sending mail works fine, but i could not use my
> normal getmail setup unless i downgraded libssl1.1 to the
> previous version.
> for getmail/getmail4 and i filed bug for checking dependencies
> of libssl1.1 (bug 912067).
> short answer, install latest update from unstable and then
> see NEWS.Debian or downgrade libssl1.1 and libssl-dev to
> previous version and see if that helps.
> if you downgrade and then hold the package then your
> apt updates will complain about broken packages. so i
> set up a script to do the libssl1.1 upgrade, then do
> the updates and upgrade and then downgrade again, but
> in the end i used the workaround from the NEWS file
> instead because i don't like having to work around apt
> issues every day.
> hope this helps,