Recently I switched to OpenSSL 3.2 which now defaults to security level
2 by default. Which means that it now requires DH key to be atleast 2048
bit long.
Due to this when sendmail sends email to (now broken) server, which
still uses 1024 bit DH keys, then email fails with "DH key too small"
SSL error.
But I do not want to disable TLS completely. I just want it to switch to security level 1.
Recently I switched to OpenSSL 3.2 which now defaults to security level
I can see -DDANE mentioned in site.config.m4 but I have no clue what it
It would be nice if this feature can be implemented in clt_features,
where it will use security level 1 for certain domains.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 35:33:50 |
Calls: | 6,707 |
Files: | 12,239 |
Messages: | 5,353,387 |