CyberLeo.Net >> Repos - FreeBSD/releng/10.1.git/commit
Raise the default for sendmail client connections to 1024-bit DH
author delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Thu, 18 Jun 2015 05:36:45 +0000 (05:36 +0000)
committer delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Thu, 18 Jun 2015 05:36:45 +0000 (05:36 +0000)
commit 4561ddf77940c276e42843bfc905d5acc53faae2
tree 1fca439ce450c4e0692adc0e0b882ce056ae301d
parent b3734bf3e437fc8ed8ef49b74aa214df32b5d01d
Raise the default for sendmail client connections to 1024-bit DH
parameters to improve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-
SA-15:10.openssl).

This is MFC of r284436 (gshapiro), the original commit message
was:

===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits.  sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit changes that default to 1024 bits.  sendmail 8.15.2, when
released, will use a default of 2048 bits.
===

Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so

git-svn-id: svn://svn.freebsd.org/base/releng/10.1@284536 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
UPDATING
contrib/sendmail/src/tls.c
sys/conf/newvers.sh