skip to content

Latest News

Optusnet maili delivery issues

Our recent upgrade to Debian 12 (bookworm) included a tightening of security around TLS connections used for logging in and...

Server upgrades - Debian 12

This month we are busy upgrading our servers to the new Debian 12 ("bookworm"), which includes PHP 8.2 and PostgreSQL 15.3...

25 years of Chirp!

This week marks 25 years since Chirp first opened for business back in 1997 as Chirp Web Design in a small office in Braddon,...

News RSS Feed

more news

Optusnet maili delivery issues

18 July 2023

Our recent upgrade to Debian 12 (bookworm) included a tightening of security around TLS connections used for logging in and for sending and receiving emails.

In technical terms, this means that RSA and DHE keys need to be at least 2048 bit long, SHA-1 is no longer supported for signatures in certificates and you need at least SHA-256.

Since the upgrade we have started to see errors communicating with the Optusnet mail servers as follows:

Jul 18 00:00:45 mail sm-mta[3359398]: STARTTLS=client, start=ok
Jul 18 00:00:45 mail sm-mta[3359398]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jul 18 00:00:45 mail sm-mta[3359398]: STARTTLS=client: error:0A00018A:SSL routines::dh key too small:../ssl/statem/statem_clnt.c:2092:
Jul 18 00:00:45 mail sm-mta[3359398]: ruleset=tls_server, arg1=SOFTWARE, relay=extmail.optusnet.com.au, reject=454 4.7.0 TLS handshake failed.

We anticipate that Optusnet, and any other ISPs who have not yet upgraded to the new security standards, will be forced to do so in order to remain operational.

More information on the vulnerabilities involved can be found at the link below.

Related link

Chirp office offline today »

« Server upgrades - Debian 12

< latest news