The currently recommended minimum size for DH parameters is 2048 bits. Anything equal to or below 1024 bits is considered insecure.
Okay, so let’s take a look at the DH key by using an older version of Debian:
docker run --rm -it debian:stretch
apt update && apt install -y openssl
openssl s_client -connect secure.emailsrvr.com:465 | grep "Server Temp Key"
Yeah, the DH key is definitely too small:
Server Temp Key: DH, 1024 bits
I’d say that’s something for Rackspace to fix. As a workaround, you should be able to edit /etc/ssl/openssl.cnf and remove the CipherString = DEFAULT@SECLEVEL=2 at the end of the file. Sidekiq should pick up the new OpenSSL settings after restarting the container.
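
A check built on the same s_client output, as an added example that is not part of the original post: the hypothetical function classify_temp_key reads s_client output on stdin and grades the DH size against the 2048-bit and 1024-bit figures quoted above. The sample input is constructed, and the function goes slightly beyond the post by recognising ECDH/X25519 temp keys, to which those finite-field DH sizes do not apply.

```shell
#!/bin/sh
# Added example (not from the original post).
# classify_temp_key: hypothetical helper; reads `openssl s_client` output on stdin.
# Prints: insecure | below-recommended | ok | not-dh | no-temp-key | unparsed
# Returns 0 when acceptable, 1 when the DH size is too small, 2 when undetermined.
classify_temp_key() {
    # s_client prints the line once per handshake; take the first match only.
    line=$(sed -n '/Server Temp Key:/{p;q;}')
    if [ -z "$line" ]; then
        echo "no-temp-key"      # no ephemeral key reported, or handshake failed
        return 2
    fi
    # Layout: "Server Temp Key: <type>, [<curve>, ]<N> bits"
    kind=$(printf '%s\n' "$line" | sed -E 's/.*Server Temp Key: *([^,]+),.*/\1/')
    bits=$(printf '%s\n' "$line" | sed -E 's/.*[ ,]([0-9]+) bits.*/\1/')
    case $bits in
        ''|*[!0-9]*) echo "unparsed"; return 2 ;;
    esac
    if [ "$kind" != "DH" ]; then
        echo "not-dh"           # ECDH/X25519: the DH thresholds do not apply
        return 0
    fi
    if [ "$bits" -le 1024 ]; then
        echo "insecure"         # equal to or below 1024 bits
        return 1
    elif [ "$bits" -lt 2048 ]; then
        echo "below-recommended"
        return 1
    fi
    echo "ok"
    return 0
}

# Live use (HOST:PORT is a placeholder):
#   openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | classify_temp_key
# Demo on a constructed line in the format shown in the post:
printf 'Server Temp Key: DH, 1024 bits\n' | classify_temp_key || true
```

The non-zero exit status on a small DH group lets the function gate a CI or monitoring job.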