This document covers the Thunderbird error: weak ephemeral Diffie-Hellman key.
Covers cPanel + courier-imap.
If Thunderbird gives the weak ephemeral Diffie-Hellman key error, a new Diffie-Hellman key is needed. The default size may be under 1024 bits and should now be 2048 bits.
First check the key size (the default is usually 768):
openssl dhparam -text -noout -in /usr/lib/courier-imap/share/dhparams.pem
Diffie-Hellman-Parameters: (768 bit)
prime:
00:bb:55:fc:77:55:fe:30:a6:c8:fa:d8:c4:86:28:
ed:ba:a0:f1:d9:b3:52:5e:ce:6a:9f:1f:22:b0:81:
30:7e:a0:99:85:59:b5:9f:23:3b:94:fa:29:0e:43:
04:2e:e6:ef:ea:9b:b7:bb:88:07:7d:40:82:97:b3:
25:19:af:5d:73:5c:22:8f:34:b3:c7:a4:da:34:cf:
98:85:10:7e:2b:c2:fb:b9:4b:6c:3f:e6:70:d9:f6:
33:20:cb:f4:0a:3f:6b
generator: 2 (0x2)
Note that this shows 768 bit. We need a 2048 bit key.
Generate a new key with:
openssl dhparam -out /usr/lib/courier-imap/share/dhparams.pem 2048
Restart courier:
/etc/init.d/courier-imap restart
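
The check, regenerate and restart steps above can be combined so the parameters are only replaced when they are below 2048 bits. This script is an added example, not part of the original procedure; the function names, the temporary and .bak file names and the --apply switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: replace Courier's DH parameters only when they are too small.
# Path and init script are the ones used on this page; everything else is illustrative.
DHFILE="${DHFILE:-/usr/lib/courier-imap/share/dhparams.pem}"
MIN_BITS=2048

# Read `openssl dhparam -text` output on stdin and print the size in bits.
# The header wording differs between OpenSSL versions, but all include "(N bit)".
dh_bits_from_text() {
    sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Returns 0 when the size is missing, non-numeric or below MIN_BITS.
needs_regen() {
    case "$1" in
        ''|*[!0-9]*) return 0 ;;
    esac
    [ "$1" -lt "$MIN_BITS" ]
}

ensure_dhparams() {
    bits=$(openssl dhparam -text -noout -in "$DHFILE" 2>/dev/null | dh_bits_from_text)
    if ! needs_regen "$bits"; then
        echo "$DHFILE is already $bits bit, nothing to do"
        return 0
    fi
    echo "$DHFILE is ${bits:-unreadable} bit, generating $MIN_BITS bit parameters"
    tmp="$DHFILE.new.$$"
    # Generate into a temporary file so an interrupted run
    # never leaves Courier with a truncated dhparams.pem.
    openssl dhparam -out "$tmp" "$MIN_BITS" || { rm -f "$tmp"; return 1; }
    newbits=$(openssl dhparam -text -noout -in "$tmp" | dh_bits_from_text)
    if needs_regen "$newbits"; then
        rm -f "$tmp"
        return 1
    fi
    if [ -f "$DHFILE" ]; then cp -p "$DHFILE" "$DHFILE.bak"; fi
    # Overwrite in place so the file keeps its existing owner and mode.
    cat "$tmp" > "$DHFILE" && rm -f "$tmp" || return 1
    /etc/init.d/courier-imap restart
}

# Only act when asked to, so the functions can be sourced without side effects.
if [ "${1:-}" = "--apply" ]; then
    ensure_dhparams
fi
```

Run it as root with --apply; without that argument it only defines the functions.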