• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Qmail fails due to dh key length

deltatech

Regular Pleskian
I have been seeing these in my log and received complaints from customers not able to get their mail out. These messages just stay in the queue and go no where.

Can anyone post what they are successfully using as a tlsserverciphers and tlsclientciphers? Maybe it the dh key being too small. How can this be fixed on Qmail?


qmail: 1436646171.830486 delivery 6: deferral: TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh_key_too_small;_connected_to_170.49.86.238.
 
Last edited:
I have already read that thread. It didn't help. We are able to do TLS just fine with most servers but there are some that gives that error about dh_key_too_small.

So it seems that TLS is working mostly but not for servers that require a 2048 bit dh key. Is there a way to have qmail use a 2048 bit dhparms key? If not, is there a patch coming soon? I am wondering if we need to move to postfix to fix this.
 
Back
Top