Sendmail problem after upgrade to r284296

Frank Seltzer frank_s at bellsouth.net
Mon Jun 15 12:22:27 UTC 2015


On Sun, 14 Jun 2015, Gregory Shapiro wrote:

>> I created it per your instructions.  See above about it not existing
>> previously.
>
> Oh, sorry for the confusion.  Seems an emergency patch is in order to change the default.
>
> Would you be willing to test this patch (apply, build, install, remove dh.params file, and restart)?
>
> The patch changes the client and server default to 2048 (previous 512 and 1024) to help mitigate LogJam/WeakDH.
>
> Index: src/tls.c
> ===================================================================
> --- src/tls.c	(revision 284402)
> +++ src/tls.c	(working copy)
> @@ -676,8 +676,8 @@
> 		}
> 		if (dhparam == NULL)
> 		{
> -			dhparam = srv ? "1" : "5";
> -			req |= (srv ? TLS_I_DH1024 : TLS_I_DH512);
> +			dhparam = "2";
> +			req |= TLS_I_DH2048;
> 		}
> 		else if (*dhparam == '/')
> 		{
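
Review bot: In the `dhparam == NULL` branch the new default is the bare string "2" with no comment, and the old `srv ? ... : ...` split is removed, so nothing in the visible lines records that "2" selects the 2048-bit group or that client and server now share one default on purpose; add a one-line comment above `dhparam = "2";` saying both. This default is also only reached when no DH parameter setting is configured: a value beginning with '/' takes the following `else if (*dhparam == '/')` branch, so a site that keeps an existing parameters file is not affected by the new default, which is why the test steps include removing the dh.params file. That should be stated in the commit message or update notes.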

Do you mean just build and install sendmail or world and kernel?  I can do 
world and kernel if you want me to, it only takes about 2 hours to build 
world and 20 minutes to build the kernel so it's no big deal.  I'll need 
instruction on how to patch the file though, I've never done it before.

