[Operators] dh key size too small -- DH key sizes less than 2048 bits rejected by OpenSSL in Debian stable
jonas at wielicki.name
Thu Aug 8 17:23:01 UTC 2019
Here a quick heads up: DH groups with less than 2048 bits are rejected by
OpenSSL as shipped with Debian stable. This poses interop issues for domains
which do have such groups (e.g. jabber.org, jabber.ru).
Please check your service configuration for the DH group size.
I think the error can only be seen from within XMPP on the side with the
stricter settings ("dh key size too small"), while for the other side it
probably looks just like a timeout because the error happens before dialback
or anything can happen.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the Operators