SMTP: SSL error/Unable to connect

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
9

I have the same issue but I am not sure if this is the same cause.
As far as i understand the key has 2048bit and TLS1.2 is used.
I really do not want to compromise on security here. Are there any other suggestions?

$ openssl s_client -crlf -connect smtp.goneo.de:465
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.goneo.de
verify return:1
139889939375424:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:…/ssl/statem/statem_clnt.c:2149:
-–
Certificate chain
0 s:CN = *.goneo.de
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
-–
Server certificate
-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgIQAbl+90iydskpf3rtFgFS6DANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
MB4XDTIwMDMxMDAwMDAwMFoXDTIyMDUwOTEyMDAwMFowFTETMBEGA1UEAwwKKi5n
b25lby5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTOu4/ZvYhJ
UTASGuZuQATKU7RDGApaadTe1Qz+4V6WAhqZzMt7/8kPJ9MxvuBrCXBjDLCl+dON
dtZXR6ko2RGlN+qQqfeXGACOP1h+Qr6w+Bs1w4RIDVgXB3x4ooOTNyQ9xnGDFYsZ
Miwn85XFOYyW0MSjbvmkIPoSP+SBNZftcDk8JRQrKLAeNXfvcE0fXSvr28PNm5N3
YuWza9TMwEdj6NVO34wpsQw1n0eg8mfUEkHMlf0ED2QlmxMn9jg3wOxpk7Eivq/V
RxMcavMbvm75hYDRN/9QZyGU8TX4Crz1DCG5mkm9ImALqRQveN8B/0Mzt7mXDF57
Yh7iJr5R028CAwEAAaOCAygwggMkMB8GA1UdIwQYMBaAFAzbbIJJD0pnCrgU7nrE
SFKI61Y4MB0GA1UdDgQWBBR6jH0xGgUfVeE/ZOD0neU+z1GOKjAfBgNVHREEGDAW
ggoqLmdvbmVvLmRlgghnb25lby5kZTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9j
ZHAucmFwaWRzc2wuY29tL1JhcGlkU1NMVExTUlNBQ0FHMS5jcmwwTAYDVR0gBEUw
QzA3BglghkgBhv1sAQIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl
cnQuY29tL0NQUzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCYGCCsGAQUFBzAB
hhpodHRwOi8vc3RhdHVzLnJhcGlkc3NsLmNvbTA+BggrBgEFBQcwAoYyaHR0cDov
L2NhY2VydHMucmFwaWRzc2wuY29tL1JhcGlkU1NMVExTUlNBQ0FHMS5jcnQwCQYD
VR0TBAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYAu9nfvB+KcbWTlCOX
qpJ7RzhXlQqrUugakJZkNo4e0YUAAAFwxPpDSAAABAMARzBFAiEAssho8B4j5mjJ
TlAH8nm2Qn5GJIERYVxLTgRsCBnA3rQCIGfL2dSYrLHSgY/WmrNxkPF7Vr8K/ZU7
/xNZcC8qn/2+AHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt/XcaDXG7iDwIAAAFw
xPpDdgAABAMARzBFAiEAtmnfoMCCSyBJBo987OAbHSyYgUaHnGlKRs9lLb6WzZUC
IGFJKiKoUVLzKiKqT3HtC5v65ZJbm1EjA3fg6peVzCiIAHYAUaOw9f0BeZxWbbg3
eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwxPpDlwAABAMARzBFAiEAkE+0qBlLZtbm
YkPWcoHyM5AqLLxnrq2C+7Qw7q8tPwkCICB5QfEzDaWb3VaF8XdEALhB3HYYTsyR
C/Wr6jwmM3VjMA0GCSqGSIb3DQEBCwUAA4IBAQB53aE9y+D/3C4VInshkL93ZKy2
sw2EimhSKQovrhnTYhWWficM0hFtkVxc7NIoc8e2vFia7e/2g9USglmNSgpSE81t
5DxOqAeYvXItm7jok81Sbj4dYM4ggsoWacktVvHWfRzxDCBL/RA5mGukmV8kz62R
kWd07Yc1pZjBwC4JcCaBC1n4oWm/tW49/Ydv9ZbKjmZp9+nB5AgZiDtkTHVgQaD7
tsmpOyZ1qAjx8kGJUHP4/A93O1Te/6/BrsBDg5uULOktZLS/vFOdDbG9PrWdcVS0
8A4Yi+FylNLHTQyNUBX17DDlxg+/E1IWLOFbyAzyBODPLPwNhS1XnpJR6FTs
-----END CERTIFICATE-----
subject=CN = *.goneo.de

issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1

-–
No client certificate CA names sent
-–
SSL handshake has read 3396 bytes and written 312 bytes
Verification: OK
-–
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1598811258
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---

$ openssl version -a
OpenSSL 1.1.1f 31 Mar 2020
built on: Mon Apr 20 11:53:50 2020 UTC
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,–noexecstack -Wall -Wa,–noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-P_ODHM/openssl-1.1.1f=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: “/usr/lib/ssl”
ENGINESDIR: “/usr/lib/x86_64-linux-gnu/engines-1.1”
Seeding source: os-specific