Date: Tue, 29 Oct 2024 02:10:36 -0400
From: Walter Dnes
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] [SOLVED] fetchmail: OpenSSL reported: error:0A00018A:SSL routines::dh key too small

On Sat, Oct 26, 2024 at 01:14:17PM -0400, Walter Dnes wrote
> My personal domain inbound email is directed to COTSE.net. I pull
> with fetchmail. After yesterday's world update, fetchmail has been
> failing with the error message in the subject. I can still access my
> incoming email via webmail mode (BLEAGH!!!). I've set my gmail address
> to forward directly to my ISP inbox, avoiding this problem.

*I'M BACK!* It may have been a co-incidence that I ran into the
problem right after an @world update

https://www.cotse.net/notices.html

> Oct 28 - During a recent deployment for some configuration changes, an
> incorrect version of a dovecot configuration file was deployed. This
> resulted in a weak Diffie-Hellman parameter (1024 instead of 2048)
> to be used in our imaps and pops protocols, as well as some weaker
> ciphers to be available. We were notified by one of our subscribers
> and it has been corrected. We do not see evidence of any of our
> subscribers' email clients having selected a weaker cipher during
> this time, which could be an indication of a MITM attack on that
> subscriber. This did not affect webmail users.

--
There are 2 types of people in this world
1) Those who can extrapolate from incomplete data
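
One way to audit a DH parameter file for the size problem the notice describes, as an added example that is not part of the original message or the provider's tooling: it reads the prime size from a PEM `DH PARAMETERS` block and lists the OpenSSL security levels that would refuse it. The function names are hypothetical and the sample files are constructed in the code (right size, not real primes).

```python
import base64
import re

# Minimum DH prime size (bits) per OpenSSL security level, SSL_CTX_set_security_level(3).
MIN_DH_BITS = {1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}
PEM_RE = re.compile(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", re.S)

def _read_tlv(buf, pos=0):
    """Return (tag, value) of the DER element at pos, long-form lengths included."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length]

def dh_prime_bits(pem_text):
    """Bit length of p in a PEM 'DH PARAMETERS' block: SEQUENCE { p, g }."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    tag, seq = _read_tlv(base64.b64decode(m.group(1)))
    ptag, p = _read_tlv(seq)
    if (tag, ptag) != (0x30, 0x02):
        raise ValueError("expected SEQUENCE starting with INTEGER p")
    return int.from_bytes(p, "big").bit_length()

def rejected_at(bits):
    """Security levels at which a client refuses a DH group of this size."""
    return [lvl for lvl, need in sorted(MIN_DH_BITS.items()) if bits < need]

def _der(tag, body):  # minimal DER encoder, used only to build the sample
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    head = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def sample_pem(bits):
    """Constructed sample: p has the requested size but is NOT a real prime."""
    def integer(v):
        return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    der = _der(0x30, integer((1 << (bits - 1)) | 1) + integer(2))
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    for size in (1024, 2048):
        print(size, "bits: refused at levels", rejected_at(dh_prime_bits(sample_pem(size))))
```

Pointed at the PEM file a server loads its DH parameters from, `dh_prime_bits` reports the group size without needing a TLS connection.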