[Operators] s2s connectivity to jabber.ru -- dh key too small

Jonas Schäfer jonas at wielicki.name
Thu Aug 8 17:14:29 UTC 2019


Dear list,

Hopefully someone from jabber.ru is here or someone knows someone there. I was 
contacted by someone @jabber.ru, but I cannot reply because the DH key size 
used by their server for TLS is too small to be accepted by the TLS libraries 
distributed with Debian stable.

Can someone forward this information to them so that they can upgrade their 
implementation? The minimum DH key size supported is 2048 bits.

This is affecting the listing of MUCs on search.jabbercat.org / 
search.jabber.network since the XMPP server used for that runs on Debian 
stable and will thus not be able to establish s2s connections to jabber.ru for 
MUC indexing.

You can contact me off-list via E-Mail using the address this E-Mail was sent 
from (XMPP will probably not work if you’re on jabber.ru due to the issue) if 
you need more info.

(Note that DH key sizes smaller than 2048 have been flagged by xmpp.net for 
years now, and Debian and others have announced that quite some time ago.)

kind regards,
Jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.jabber.org/pipermail/operators/attachments/20190808/bc4af75e/attachment.sig>


More information about the Operators mailing list