Optusnet mail delivery issues

18 July 2023

Our recent upgrade to Debian 12 (bookworm) included a tightening of security around TLS connections used for logging in and for sending and receiving emails.

In technical terms, this means that RSA and DHE keys need to be at least 2048 bits long, and that SHA-1 is no longer supported for signatures in certificates: you need at least SHA-256.

Since the upgrade we have started to see errors communicating with the Optusnet mail servers as follows:

Jul 18 00:00:45 mail sm-mta[3359398]: STARTTLS=client, start=ok
Jul 18 00:00:45 mail sm-mta[3359398]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jul 18 00:00:45 mail sm-mta[3359398]: STARTTLS=client: error:0A00018A:SSL routines::dh key too small:../ssl/statem/statem_clnt.c:2092:
Jul 18 00:00:45 mail sm-mta[3359398]: ruleset=tls_server, arg1=SOFTWARE, relay=extmail.optusnet.com.au, reject=454 4.7.0 TLS handshake failed.

We anticipate that Optusnet, and any other ISPs who have not yet upgraded to the new security standards, will be forced to do so in order to remain operational.
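
To find out which remote relays are hitting this failure, the error line and the reject line can be matched up by sendmail process ID. The script below is an added example, not part of our mail server configuration; the sample log is constructed from the lines quoted above, and the relay mx.example.net and the extra PIDs are invented for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the sm-mta lines quoted above.
# mx.example.net and PIDs 3359501 / 3359777 are invented for illustration.
SAMPLE_LOG = """\
Jul 18 00:00:45 mail sm-mta[3359398]: STARTTLS=client, start=ok
Jul 18 00:00:45 mail sm-mta[3359398]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jul 18 00:00:45 mail sm-mta[3359398]: ruleset=tls_server, arg1=SOFTWARE, relay=extmail.optusnet.com.au, reject=454 4.7.0 TLS handshake failed.
Jul 18 00:02:10 mail sm-mta[3359501]: STARTTLS=client, start=ok
Jul 18 00:02:11 mail sm-mta[3359501]: STARTTLS=client, relay=mx.example.net., version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Jul 18 00:05:02 mail sm-mta[3359777]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jul 18 00:05:02 mail sm-mta[3359777]: ruleset=tls_server, arg1=SOFTWARE, relay=extmail.optusnet.com.au, reject=454 4.7.0 TLS handshake failed.
"""

LINE = re.compile(r"sm-mta\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REASON = re.compile(r"STARTTLS=client, error: .*?reason=(?P<reason>[^,]+)")
REJECT = re.compile(r"ruleset=tls_server,.*?relay=(?P<relay>[^,\s]+), reject=")


def failed_relays(log_text):
    """Count TLS handshake rejects per (relay, reason), correlated by PID."""
    pending = {}  # pid -> reason taken from the STARTTLS error line
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (r := REASON.search(msg)):
            pending[pid] = r["reason"].strip()
        elif (j := REJECT.search(msg)):
            # A reject with no earlier error line for this PID is "unknown".
            counts[(j["relay"], pending.pop(pid, "unknown"))] += 1
    return counts


if __name__ == "__main__":
    for (relay, reason), n in failed_relays(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {relay}  {reason}")
```

Successful handshakes, such as the constructed mx.example.net line, are ignored, so the output lists only relays whose TLS negotiation was rejected.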

More information on the vulnerabilities involved can be found at the link below.

Related link
