Re: sendmail 8.18.1 MFC'ed to stable/13 and stable/14

From: Gregory Shapiro <gshapiro_at_freebsd.org>
Date: Wed, 07 Feb 2024 19:54:04 UTC

On Wed, Feb 07, 2024 at 02:02:36PM -0500, mike tancsa wrote:
> Thanks for the continued sendmail support! One question, I noticed the new
> mc file makes the following changes which refer to a file that does not
> normally exist on RELENG_13. What is the best way to generate that file?

Thanks Mike!  That file isn't part of the default configuration for
FreeBSD so it must be something you set in your .mc file.

The good news is it won't cause any breakage, but here are the docs (op.me)
which include how to generate:

DHParameters

This option applies to the server side only.  Possible values are:

5       use precomputed 512 bit prime.
1       generate 1024 bit prime
2       generate 2048 bit prime.
i       use included precomputed 2048 bit prime (default).
none    do not use Diffie-Hellman.
/path/to/file   load prime from file.

This is only required if a ciphersuite containing DSA/DH is used.  The
default is ``i'' which selects a precomputed, fixed 2048 bit prime.

If ``5'' is selected, then precomputed, fixed primes are used.  Note:
this option should not be used (unless necessary for compatibility with
old implementations).

If ``1'' or ``2'' is selected, then prime values are computed during
startup.  Note: this operation can take a significant amount of time on
a slow machine (several seconds), but it is only done once at startup.

If ``none'' is selected, then TLS ciphersuites containing DSA/DH cannot
be used.

If a file name is specified (which must be an absolute path), then the
primes are read from it.  It is recommended to generate such a file
using a command like this:

        openssl dhparam -out /etc/mail/dhparams.pem 2048

If the file is not readable or contains unusable data,
the default ``i'' is used instead.
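
Because an unreadable or unusable file falls back to ``i'' rather than failing, a check run after generating the file shows whether the configured path can be used at all. The script below is an added example, not part of the original message or of the sendmail documentation; the name check_dhparams and the 2048 bit minimum are assumptions. It inspects only the PEM/DER structure and the prime size, not primality, so a pass does not prove that sendmail will accept the file.

```python
import base64, re, sys

PEM_RE = re.compile(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", re.S)

def _read_tlv(der, i, tag):
    """Read one DER element with this tag at offset i; return (body, next offset)."""
    if der[i] != tag:
        raise ValueError(f"expected DER tag {tag:#x}")
    n, i = der[i + 1], i + 2
    if n >= 0x80:  # long form: low 7 bits give the count of length bytes
        k = n & 0x7F
        n, i = int.from_bytes(der[i:i + k], "big"), i + k
    if n == 0 or i + n > len(der):
        raise ValueError("truncated or empty DER element")
    return der[i:i + n], i + n

def check_dhparams(path, min_bits=2048):
    """Return (ok, reason); ok is False when the file is unreadable, unusable or too small."""
    try:
        with open(path, encoding="ascii") as fh:
            m = PEM_RE.search(fh.read())
    except (OSError, UnicodeDecodeError) as exc:
        return False, f"not readable: {exc}"
    if not m:
        return False, "unusable: no DH PARAMETERS PEM block"
    try:  # PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... }
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        seq, _ = _read_tlv(der, 0, 0x30)
        p_raw, i = _read_tlv(seq, 0, 0x02)
        g_raw, _ = _read_tlv(seq, i, 0x02)
    except (ValueError, IndexError) as exc:
        return False, f"unusable: {exc}"
    p, g = int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")
    if p % 2 == 0 or not 1 < g < p - 1:
        return False, "unusable: implausible prime or generator"
    if p.bit_length() < min_bits:  # min_bits is this example's assumption
        return False, f"too small: prime is only {p.bit_length()} bits"
    return True, f"{p.bit_length()} bit prime, generator {g}"

if __name__ == "__main__":
    # With no arguments, check the path used in the openssl command above.
    for path in sys.argv[1:] or ["/etc/mail/dhparams.pem"]:
        print(path, *check_dhparams(path))
```

Run it as the user sendmail runs as, so that the "not readable" result reflects the permissions the daemon will actually have.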