Fetcmail error

[sprock]

Hello,

I have previously used fetchmail to download mail form a server. Recently this stopped working with the following error:

Apr 17 06:37:05 fetchmail: OpenSSL reported: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

This is my .fetchmailrc:

set postmaster "fred"
set bouncemail
set no spambounce
set softbounce
set properties ""
# set daemon 300

# Server options:
poll  mail.sum.wear protocol IMAP username "fred" password "slillyme"
      ssl;
#      keep;
options ssl sslcertck sslcertfile /usr/local/share/certs/ca-root-nss.crt

I'm on 13.4-RELEASE-p5.

Thanks fo any help.
sprock

 

[tommiie]

dh key too small

DH stands for Diffie–Hellman so it is related to the DH keys used by OpenSSL. It would be interesting to know which server and if the error gets reported when fetching mail from other servers as well. Either way, I guess the solution to the problem should be searched for in the OpenSSL configuration, e.g. disable older DH keys and enable newer versions.

 

[tommiie]

I did a quick Google search but I assume you also already found this Stack Overflow page. Weirdly enough, it directly contradicts my previous post. Where I guessed you had to enable newer versions, this post states you have to enable the older version of TLS – or fix the server, which I guess is not an option for you.

 

[sprock]

Thanks for your reply.

Yes, I had seen the page you linked. You are correct in that I have no control over the server. Unfortunately, reading through that page does not help much in getting fetchmail to use an older version of TLS.

Thanjs again.

 

[ShelLuser]

I'm not very fluent with fetchmail(1) myself but... have you tried to increase logging verbosity?

Also... tried manually specifying a protocol (referring to --sslproto)? Do you even know what protocols this mailserver supports these days, that's where I'd start...

Lessee IMAPs... something like: nmap -Pn --script ssl-cert,ssl-enum-ciphers -p 993 mail.sum.wear.

That should tell you a bit more about all this.