Sendmail problem after upgrade to r284296

Gregory Shapiro gshapiro at gshapiro.net
Mon Jun 15 03:24:09 UTC 2015


> I created it per your instructions.  See above about it not existing
> previously.

Oh, sorry for the confusion.  Seems an emergency patch is in order to change the default.

Would you be willing to test this patch (apply, build, install, remove dh.params file, and restart)?

The patch changes the client and server default to 2048 (previous 512 and 1024) to help mitigate LogJam/WeakDH.

Index: src/tls.c
===================================================================
--- src/tls.c	(revision 284402)
+++ src/tls.c	(working copy)
@@ -676,8 +676,8 @@
 		}
 		if (dhparam == NULL)
 		{
-			dhparam = srv ? "1" : "5";
-			req |= (srv ? TLS_I_DH1024 : TLS_I_DH512);
+			dhparam = "2";
+			req |= TLS_I_DH2048;
 		}
 		else if (*dhparam == '/')
 		{
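Review bot: the new default `dhparam = "2";` in the `dhparam == NULL` branch is a bare magic string with no comment, and with the `srv ? ... : ...` ternary removed nothing in the code records that client and server now deliberately share one default. A short comment above the assignment, for example `/* default: 2048-bit DH for both client and server */`, would make that intent explicit. Wherever the default DH parameter setting is documented should be updated in the same change, since the old values "1" (paired with TLS_I_DH1024) and "5" (paired with TLS_I_DH512) no longer apply.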


More information about the freebsd-stable mailing list