From f61db280aba76b90f9021e82c151b2b868e057a0 Mon Sep 17 00:00:00 2001
From: gshapiro <gshapiro@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Wed, 17 Jun 2015 03:23:45 +0000
Subject: [PATCH] Add a note regarding the change to sendmail'c default DH
 parameter size for client connections.

git-svn-id: svn://svn.freebsd.org/base/stable/8@284492 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 UPDATING | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/UPDATING b/UPDATING
index 76c1527ae..cd5f38f01 100644
--- a/UPDATING
+++ b/UPDATING
@@ -15,6 +15,14 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW ON IA64 OR SUN4V:
 	debugging tools present in HEAD were left in place because
 	sun4v support still needs work to become production ready.
 
+20150615:
+	The latest version of openssl rejects TLS handshakes with DH
+	parameters below 768 bits.  sendmail releases prior to 8.15.2
+	(not yet released), defaulted to a 512 bit DH parameter setting
+	for client connections.  To improve interoperability, the
+	sendmail default for client connections has been raised to
+	1024 bits.
+
 20140216:
 	The nve(4) driver for NVIDIA nForce MCP Ethernet adapters has
 	been deprecated and will not be part of FreeBSD 11.0 and later
-- 
2.45.0