Date: Tue, 13 Feb 2024 09:10:32 -0800
From: Gregory Shapiro
To: Helge Oldach
Cc: Ruben van Staveren, mike@sentex.net, 000.fbsd@quip.cz, freebsd-stable@freebsd.org
Subject: Re: sendmail 8.18.1 MFC'ed to stable/13 and stable/14
List-Id: Production branch of FreeBSD source code
List-Archive: https://lists.freebsd.org/archives/freebsd-stable
In-Reply-To: <202402081532.418FW0cU097961@nuc.oldach.net>

> > As for the dhparams file, let's use the ffdhe4096 as per RFC7919 one and stop continuing generating these ourselves.
> > The file can be grabbed from e.g. https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem
> >
> > I seem to recall that sendmail is doing something along these lines anyhow if the DHParameters file is missing or empty.

Yes, from the documentation:

    If the file is not readable or contains unusable data, the default ``i'' is used instead.
    ``i'' which selects a precomputed, fixed 2048 bit prime.
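
An added example (not part of the original message, and not sendmail's code): a Python check of which DH group a configured DHParameters file would give, following the documentation quoted above, where an unreadable or unusable file means the default ``i'' (fixed 2048 bit prime). The function names and the constructed sample input are assumptions, and the parser only approximates what sendmail and its TLS library treat as unusable.

```python
import base64
import re

DEFAULT_I_BITS = 2048  # per the documentation quoted above: "i" = fixed 2048 bit prime

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of p in a PEM 'DH PARAMETERS' block, or None if it does not parse."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        return None
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        tag, seq, _ = _tlv(der, 0)       # SEQUENCE { INTEGER p, INTEGER g }
        ptag, p, nxt = _tlv(seq, 0)
        gtag, g, _ = _tlv(seq, nxt)
    except (ValueError, IndexError):     # bad base64, truncated or malformed DER
        return None
    ok = (tag, ptag, gtag) == (0x30, 0x02, 0x02) and g
    return (int.from_bytes(p, "big").bit_length() or None) if ok else None

def effective_dh(path):
    """Return ('file', bits) if the file parses, else ('default-i', 2048)."""
    try:
        with open(path, encoding="ascii", errors="replace") as fh:
            bits = dh_prime_bits(fh.read())
    except OSError:                      # missing or unreadable file
        bits = None
    return ("file", bits) if bits else ("default-i", DEFAULT_I_BITS)

def sample_pem(bits):
    """Constructed test input: p = 2^(bits-1) + 1 is NOT a real prime, structure only."""
    def der(tag, body):
        k = (len(body).bit_length() + 7) // 8
        ln = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | k]) + len(body).to_bytes(k, "big")
        return bytes([tag]) + ln + body
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps it positive
    body = base64.encodebytes(der(0x30, der(0x02, p) + der(0x02, b"\x02"))).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + body + "-----END DH PARAMETERS-----\n"
```

Calling `effective_dh()` on the path given to the DHParameters option shows whether the file's group or the 2048 bit fallback would be the one in effect; it checks structure only and does not test that p is prime or matches ffdhe4096.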