
Raise the default for sendmail client connections to 1024-bit DH

Description

Raise the default for sendmail client connections to 1024-bit DH
parameters to improve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12
(FreeBSD-SA-15:10.openssl).

This is MFC of r284436 (gshapiro), the original commit message
was:

The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit changes that default to 1024 bits. sendmail 8.15.2, when
released, will use a default of 2048 bits.

Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so

Details

Provenance
delphij Authored on
Parents
rS284535: This change replaces the mutex with a sx lock for the interpreter list to