The Diffie-Hellman prime sent by the server is not acceptable

Bug #1866974 reported by Anders Magnus Andersen
This bug affects 17 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| evolution (Ubuntu) | Confirmed | Undecided | Unassigned | |
| gnome-online-accounts (Ubuntu) | Confirmed | Undecided | Unassigned | |

Bug Description

I can no longer connect to my ISP mail server.
Works in previous version 19.10

"The reported error was “Failed to get capabilities: Error performing TLS handshake: The Diffie-Hellman prime sent by the server is not acceptable (not long enough).”."

I've tried finding a workaround but so far no luck.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: evolution 3.35.92-1
ProcVersionSignature: Ubuntu 5.4.0-18.22-generic 5.4.24
Uname: Linux 5.4.0-18-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu20
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Wed Mar 11 11:07:01 2020
InstallationDate: Installed on 2020-03-03 (7 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Alpha amd64 (20200303)
SourcePackage: evolution
UpgradeStatus: No upgrade log present (probably fresh install)

Anders Magnus Andersen (izznogooood) wrote :

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in evolution (Ubuntu):
status: New → Confirmed

Panos Asproulis (panos-asproulis) wrote :

This issue is not coming from Evolution itself. It also manifests itself when attempting to create an Exchange account using the Settings -> Online Accounts -> Add an account -> Microsoft Exchange option. In this case, if the mail server returns a small Diffie-Hellman prime (e.g. 1024 bytes) the handshake fails and the error message reported is:

Error Connecting to Microsoft Exchange server:
Code:6 -- Unexpected response from server

I have encountered the same problem in Fedora some time ago and in this case the solution was to modify the system wide security level to legacy by using the following command after installing the crypto-policies package:

```
update-crypto-policies --set LEGACY
```

see: https://bugzilla.redhat.com/show_bug.cgi?id=1549242

However, in the case of Ubuntu 20.04 this does not resolve the problem.

Aditya Mohana Sivaraj (androadi) wrote :

I noticed this bug too. In my case it was Shibboleth. They may have to work with Shibboleth to integrate their services, because right now their website mentions support only for Suse and CentOS distros.

Temporarily, your workaround can be to edit /etc/hosts to add your ISP's static IP and domain address. This worked for me.

Neil Green (neil-green) wrote :

I've recently begun using `evolution-ews` from the Ubuntu 19.10 repository and it's been working brilliantly. I've now attempted to do the same on a fresh Ubuntu 20.04 beta install and can no longer use the plugin to fetch my emails, as I get a TLS/SSL error.

I'm using it on an NHS email account with the server URL as

`https://mail.nhs.net/ews/exchange.asmx`

but when I add my email account I get an error message

```
SSL/TLS certificate for "mail.nhs.net" is not trusted. Do you wish to accept it?
```

The certificate is for *.nhs.net so should be valid. I also get a reported error: "Error performing TLS handshake. The Diffie-Hellman prime sent by the server is not acceptable (not long enough)".

If I try to `Accept Permanently` the pop up box continues to reappear.

```
*.nhs.net
Identity: *.nhs.net
Verified by: GlobalSign RSA OV SSL CA 2018
Expires: 14/03/21
```

## On Ubuntu 19.10 (Working)
```
neil@thinkpad:~$ apt search evolution
Sorting... Done
Full Text Search... Done
evolution/eoan,now 3.34.1-2 amd64 [installed]
  groupware suite with mail client and organizer

neil@thinkpad:~$ apt search evolution-ews
Sorting... Done
Full Text Search... Done
evolution-ews/eoan,now 3.34.1-1 amd64 [installed]
  Exchange Web Services integration for Evolution
```

## On Ubuntu 20.04 (Error)
```
neil@thinkpad:~$ apt search evolution
Sorting... Done
Full Text Search... Done
evolution/focal,now 3.36.1-1 amd64 [installed]
  groupware suite with mail client and organizer

neil@thinkpad:~$ apt search evolution-ews
Sorting... Done
Full Text Search... Done
evolution-ews/focal,now 3.36.1-1 amd64 [installed]
  Exchange Web Services integration for Evolution
```

Panos Asproulis (panos-asproulis) wrote :

This is a serious problem because it can disable the Exchange accounts of many business users around the world. I am surprised it is still "Undecided" and not assigned to someone!

Steven Jay Cohen (stevenjaycohen) wrote :

Confirms NYU.edu uses Shibboleth for its accounts. I could connect my NYU account to Online Accounts in 19.10 but cannot (with this same error) in 20.04 beta.

Simon Déziel (sdeziel) wrote :

As a workaround, can you try lowering the profile from MEDIUM [1] to LOW [2]:

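```
# Create the directory if it does not exist yet
sudo mkdir -p /etc/gnutls
# Append the override; the default-priority-string line must stay on one line
cat << EOF | sudo tee -a /etc/gnutls/config
[overrides]
default-priority-string = NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2:%PROFILE_LOW
EOF
```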

1: https://git.launchpad.net/ubuntu/+source/gnutls28/tree/debian/rules#n38
2: https://gnutls.org/manual/html_node/Selecting-cryptographic-key-sizes.html#Selecting-cryptographic-key-sizes

Steven Jay Cohen (stevenjaycohen) wrote :

Thank you Simon Déziel! That worked. I couldn't quite figure that out on my own.

Neil Green (neil-green) wrote :

Want to add my thanks as well Simon, I'm still getting a warning about a wildcard cert, but it's at least functional now!

Matt Green (mgreen1718) wrote :

Thank you Simon Déziel! That worked for me too.

I was all set to give up on Ubuntu 20 because having a working evolution-ews is a deal-breaker for me.

I wonder why the linked duplicate thread does not also contain your fix.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-online-accounts (Ubuntu):
status: New → Confirmed

Robert von Hackwitz (robertvonhackwitz) wrote :

Thank you Simon Déziel you saved my life!!!

Joseph Dien (theprof07) wrote :

I tried to follow the instructions in #8. My computer is now bricked with the message after login password of "Oh No! Something has gone wrong. A problem has occurred and the system can't recover. Please log out and try again."

I am not terribly Linux-savvy so I expect I did something wrong but have no idea what.

Can someone tell me how to save my computer?

Joseph Dien (theprof07) wrote :

Okay, well after entirely too much excitement, I made some progress. After much googling, I found that this error message refers to a problem with GNOME so one can get around it by going into console mode, which I did with alt-shift-F3. I then was able to edit the config file and worked out that the problem was that contrary to the appearance of the example commands, the line starting with "default-priority" needs to all be on one line. After I made that change, I was able to reboot back into GNOME. With the security level lowered, the GNOME Online function of the Settings app now worked! I am now fully able to get e-mail from this account. Given how fraught this all was, may I suggest that someone address this issue? Anyway, thanks for the help!
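
The failure reported in the comment above (a `default-priority-string` value wrapped onto a second line in `/etc/gnutls/config`), as an added example that is not part of the original thread: a shell lint to run against the file before logging out or rebooting. The helper name `check_gnutls_config` and both sample files are constructed here, and the check assumes the simple section and `key = value` layout shown in comment #8.

```shell
# Added example, not from the thread; check_gnutls_config is a hypothetical name.
# Status 0: only sections and single-line key = value pairs, with exactly one
# default-priority-string under [overrides]. Status 1 otherwise, reasons printed.
check_gnutls_config() {
    awk '
    { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }   # trim whitespace
    line == "" || line ~ /^#/ { next }                 # blank line or comment
    line ~ /^\[.*\]$/ {                                # section header
        section = substr(line, 2, length(line) - 2); next
    }
    line ~ /^[A-Za-z0-9_-]+[ \t]*=/ {                  # key = value on one line
        key = line;   sub(/[ \t]*=.*$/, "", key)
        value = line; sub(/^[^=]*=[ \t]*/, "", value)
        if (section == "overrides" && key == "default-priority-string") {
            seen++
            if (value == "" || value ~ /:$/) {          # ends mid-list: cut off
                printf "line %d: priority string looks cut off\n", NR; bad = 1
            }
        }
        next
    }
    {                                                  # anything else: wrapped value?
        printf "line %d: stray text (wrapped value?): %s\n", NR, $0; bad = 1
    }
    END {
        if (seen == 0) { print "no default-priority-string under [overrides]"; bad = 1 }
        if (seen > 1)  { print "default-priority-string set " seen " times"; bad = 1 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed samples: the intended file, and the wrapped variant reported above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" << 'EOF'
[overrides]
default-priority-string = NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2:%PROFILE_LOW
EOF
cat > "$demo_dir/wrapped" << 'EOF'
[overrides]
default-priority-string = NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:
+VERS-DTLS1.2:%PROFILE_LOW
EOF
check_gnutls_config "$demo_dir/good" && echo "good: accepted"
check_gnutls_config "$demo_dir/wrapped" || echo "wrapped: rejected"
```

The duplicate check also catches the workaround being run twice, since `tee -a` appends a second `[overrides]` block each time. The override applies to every application that uses the system GnuTLS default priority, so it is worth removing once the mail server offers a longer Diffie-Hellman prime.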

Adolf Ruf (adolf-ruf) wrote :

After I upgraded to Ubuntu 20.04, Evolution can no longer send e-mails.
Error message (in German):
Die Fehlremeldung war >> Fehler bei der Ausführung des TLS-Handshake: Die vom Server gesendete Diffie-Hellmann-Primzahl wurde nicht akzeptiert (zu kurz).<<.

Translation:
The error message was >> Error while executing the TLS handshake: The Diffie-Hellman prime number sent by the server was not accepted (too short).<<.

What can I do now?

trevi (ermin-trevisan) wrote :

@adolf
You can follow deziel's excellent advice in post #8 https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/1866974/comments/8

but you should still revert to your mail provider and look for their update plans.

Brian Prescott-Decie (bdecie) wrote :

Followed Deziel #8 which worked perfectly for email (many thanks), but then got the same error message when I tried to add my Outlook calendar.
