TLS negotiation in mutt

Veljko

Oct 11, 2013, 2:00:02 PM

Hello,

I'm using mutt with all my accounts and most of them work fine. My work email
account is hosted on exchange server and I'm using mutt's built in SMTP
functionality. I have set ssl_starttls=yes and when I'm trying to send email
I'm getting error:

"gnutls handshake: the diffie-helman prime sent by the server is not
acceptable (not long enough)

Could not negotiate TLS connection"

I tried to google something, but failed to find usable solution.

Does anyone have some idea why this is happening and how can I fix this so I
can send emails?

Regards,
Veljko


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/20131011175...@angelina.example.com

Jochen Spieker

Oct 11, 2013, 2:40:02 PM
Veljko:
>
> Hello,
>
> I'm using mutt with all my accounts and most of them work fine. My work email
> account is hosted on exchange server and I'm using mutt's built in SMTP
> functionality. I have set ssl_starttls=yes and when I'm trying to send email
> I'm getting error:
>
> "gnutls handshake: the diffie-helman prime sent by the server is not
> acceptable (not long enough)
>
> Could not negotiate TLS connection"

Can you connect using openssl?

http://www.madboa.com/geek/openssl/#cs-smtp

J.
--
People talking a foreign language are romantic and mysterious.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>

Henrique de Moraes Holschuh

Oct 11, 2013, 2:50:01 PM
On Fri, 11 Oct 2013, Veljko wrote:
> "gnutls handshake: the diffie-helman prime sent by the server is not
> acceptable (not long enough)

Check option ssl_min_dh_prime_bits for the config file .muttrc. It is
listed in the muttrc(5) manpage. It might help you.

> Does anyone have some idea why this is happening and how can I fix this so I
> can send emails?

Well, the correct fix is to get that server to switch to a secure TLS
certificate (i.e. they'll need a new one with a much larger key size).

Anyway, look at this:
http://gnutls.org/manual/html_node/Selecting-cryptographic-key-sizes.html

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh



Veljko

Oct 11, 2013, 3:10:02 PM
On Fri, Oct 11, 2013 at 08:32:37PM +0200, Jochen Spieker wrote:
> Can you connect using openssl?
>
> http://www.madboa.com/geek/openssl/#cs-smtp
>
> J.

It seems that I can:

Acceptable client certificate CA names
/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
---
SSL handshake has read 3507 bytes and written 501 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA


Regards,
Veljko



Veljko

Oct 11, 2013, 3:10:02 PM
On Fri, Oct 11, 2013 at 03:39:47PM -0300, Henrique de Moraes Holschuh wrote:
> On Fri, 11 Oct 2013, Veljko wrote:
> > "gnutls handshake: the diffie-helman prime sent by the server is not
> > acceptable (not long enough)
>
> Check option ssl_min_dh_prime_bits for the config file .muttrc. It is
> listed in the muttrc(5) manpage. It might help you.

It sure did. I set ssl_min_dh_prime_bits variable to 128 and it worked.
Thanks Henrique!

Do you know what is the GNUTLS default value?

Regards,
Veljko



Henrique de Moraes Holschuh

Oct 11, 2013, 3:40:03 PM
On Fri, 11 Oct 2013, Veljko wrote:
> On Fri, Oct 11, 2013 at 03:39:47PM -0300, Henrique de Moraes Holschuh wrote:
> > On Fri, 11 Oct 2013, Veljko wrote:
> > > "gnutls handshake: the diffie-helman prime sent by the server is not
> > > acceptable (not long enough)
> >
> > Check option ssl_min_dh_prime_bits for the config file .muttrc. It is
> > listed in the muttrc(5) manpage. It might help you.
>
> It sure did. I set ssl_min_dh_prime_bits variable to 128 and it worked.
> Thanks Henrique!
>
> Do you know what is the GNUTLS default value?

http://www.metzdowd.com/pipermail/cryptography/2013-September/017323.html

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh



Veljko

Oct 11, 2013, 3:50:03 PM
On Fri, Oct 11, 2013 at 04:29:37PM -0300, Henrique de Moraes Holschuh wrote:
> > Do you know what is the GNUTLS default value?
>
> http://www.metzdowd.com/pipermail/cryptography/2013-September/017323.html

Thanks again!

Regards,
Veljko

