Bug#676563: exim4: new minimum Diffie-Hellman length breaks sending, not configurable
Andreas Metzler
ametzler at downhill.at.eu.org
Fri Jun 8 07:38:35 UTC 2012
On 2012-06-07 Kevin Mitchell <kevmitch at math.sfu.ca> wrote:
> Source: exim4
> Version: 4.80-2
> Severity: important
> This breaks relaying to my smarthost which requires secure
> authentication, but apparently doesn't have the new required DH size of
> 2048.
> from /var/log/exim4/mainlog:
> 2012-06-07 11:57:56 1Schu8-0005cQ-SD <= kevmitch at math.sfu.ca U=kevmitch P=local S=472 id=20120607185756.GA21542 at math.sfu.ca
> 2012-06-07 11:58:02 1Schu8-0005cQ-SD TLS error on connection to pobox.sfu.ca [142.58.101.28] (gnutls_handshake): The Diffie-Hellman prime sent by the server is not acceptable (not long enough).
> Maybe a key shorter than 2048 is "insecure", but most people (myself
> included) are not in a position to "fix" their smarthost. This wouldn't
[...]
Hello,
the upgrade from 4.77 to 4.80-2 should actually have lowered the
limit:
---------------------------------------------------
With respective patches we have this in 4.77-2
#define DH_BITS 2048
[...]
gnutls_dh_set_prime_bits(session, DH_BITS);
and this in 4.80-2:
#ifndef EXIM_CLIENT_DH_MIN_BITS
#define EXIM_CLIENT_DH_MIN_BITS 1024
#endif
[...]
gnutls_dh_set_prime_bits(state->session, EXIM_CLIENT_DH_MIN_BITS);
---------------------------------------------------
66_enlarge-dh-parameters-size.dpatch is a noop in sid, it only changes
EXIM_SERVER_DH_BITS_PRE2_12 which only triggers on backports, built
against gnutls < 2.12.
However, afaict the DH_BITS limit did not work with exim << 4.80. :-(
Anyway, pobox.sfu.ca really seems to be broken, it only supports 512 bit DH,
which is probably not a lot better than sending unencrypted.
exim GIT already has a fix, adding the tls_dh_min_bits SMTP transport
option.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
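The check that produced the "not long enough" error in the log above, as an added example (this is not exim or GnuTLS code and not part of the thread). It models what gnutls_dh_set_prime_bits() enforces on the client side: the ServerDHParams at the start of a DHE ServerKeyExchange body are parsed, the bit length of dh_p is taken, and the handshake is aborted when it is below the configured minimum. The three sizes exercised are the ones the reply mentions: 2048 (the old DH_BITS), 1024 (EXIM_CLIENT_DH_MIN_BITS in 4.80-2) and 512 (what pobox.sfu.ca was reported to offer). The "primes" used as input are constructed placeholders with the top bit set at the chosen size; they are not real DH groups.

```python
import struct


class DHPrimeUnacceptable(Exception):
    """Client-side rejection of a server DH prime below the configured minimum
    (GnuTLS reports this as GNUTLS_E_DH_PRIME_UNACCEPTABLE)."""


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Encode ServerDHParams (RFC 5246 section 7.4.3) as three length-prefixed
    opaque vectors.  Used here only to build constructed test input."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def parse_server_dh_params(body: bytes):
    """Parse the ServerDHParams prefix of a ServerKeyExchange body; the
    signature that follows the three vectors is ignored.  Returns (p, g, Ys)."""
    off = 0
    vals = []
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad {name} length {n}")
        vals.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(vals)


def check_server_dh_prime(body: bytes, min_bits: int) -> int:
    """Model of the check behind gnutls_dh_set_prime_bits(): abort the handshake
    unless the server's prime has at least min_bits significant bits.
    Returns the prime size when it is acceptable."""
    p, _g, _ys = parse_server_dh_params(body)
    bits = p.bit_length()  # significant bits; leading zero octets do not count
    if bits < min_bits:
        raise DHPrimeUnacceptable(
            "The Diffie-Hellman prime sent by the server is not acceptable "
            f"(not long enough): {bits} < {min_bits} bits")
    return bits


# Constructed test vectors: odd numbers with the top bit set at the chosen size,
# so the length check behaves as it would for a real prime of that size.
# They are NOT real DH groups and must never be used as parameters.
P_512 = (1 << 511) | 0x1B
P_1024 = (1 << 1023) | 0x1B
P_2048 = (1 << 2047) | 0x1B
G = 2
YS = (1 << 500) | 0x5  # placeholder server public value

SKE_512 = encode_server_dh_params(P_512, G, YS)    # a pobox-like 512-bit offer
SKE_1024 = encode_server_dh_params(P_1024, G, YS)
SKE_2048 = encode_server_dh_params(P_2048, G, YS)


def outcome(body: bytes, min_bits: int) -> str:
    """Human-readable result of the check, for the table printed below."""
    try:
        return f"accept {check_server_dh_prime(body, min_bits)}-bit prime"
    except DHPrimeUnacceptable as e:
        return f"reject: {e}"


if __name__ == "__main__":
    for label, body in (("512", SKE_512), ("1024", SKE_1024), ("2048", SKE_2048)):
        for min_bits in (512, 1024, 2048):
            print(f"server {label:>4} bits, client min {min_bits:>4}: "
                  f"{outcome(body, min_bits)}")
```

Running it shows the situation in the report: with the 4.80-2 default of 1024 the 512-bit offer is rejected, and lowering the minimum to 512 makes the relay work again at the cost of a group that is not much better than cleartext. In a real handshake the body parsed here follows the 4-byte handshake header and is followed by the server's signature; to see what a live smarthost actually offers, `openssl s_client -starttls smtp -connect host:25` prints the ephemeral key size on its "Server Temp Key" line.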
More information about the Pkg-exim4-maintainers mailing list