Date: Thu, 18 Jun 2015 08:10:33 -0700
From: Gregory Shapiro
To: Peter Olsson
Cc: Royce Williams, FreeBSD Errata Notices, freebsd-stable
Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
Message-ID: <20150618151032.GB42082@minime.local>

> > Did you (re)generate your dh.params file as noted in the Workaround section?
>
> No, because of this text under Solution:
> "
> A change to the raise the default for sendmail client connections to
> 1024-bit DH parameters has been committed.
> "
>
> As I understand it this would remove the need for generating
> the dh.params file?

You do not need to regenerate dh.params with the patch unless you have
specifically set DHParameters in /etc/mail/sendmail.cf to a lower
strength.  What is the output of:

    grep DHParam /etc/mail/sendmail.cf

If it is set to a string beginning with '5' or a filename and that file
was generated using 512-bit strength, then remove that setting.
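
The check described in the reply above, as an added shell example that is not part of the original message and not code from FreeBSD or sendmail: it reads the active DHParameters line and flags a value beginning with '5' or a parameter file smaller than 1024 bits. The function names, the verdict words, the 1024-bit cut-off for files and the sample config lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the DHParameters option of a sendmail.cf.

# Print the value of the last active (uncommented) "O DHParameters=" line.
dh_setting() {
    sed -n 's/^O[[:space:]]*DHParameters[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1
}

# Print the prime size in bits of a PEM DH parameter file (needs openssl).
dh_file_bits() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print one verdict word: missing, default, weak, ok or unknown.
check_dhparams() {
    cf=${1:-/etc/mail/sendmail.cf}
    [ -r "$cf" ] || { echo missing; return 0; }
    val=$(dh_setting "$cf")
    case $val in
        '') echo default ;;   # option not set: the patched default applies
        5*) echo weak ;;      # string beginning with '5': 512-bit, remove it
        /*) # a filename: measure the parameters stored in that file
            bits=$(dh_file_bits "$val") || bits=
            if [ -z "$bits" ]; then
                echo unknown  # file unreadable, not DH params, or no openssl
            elif [ "$bits" -lt 1024 ]; then
                echo weak     # assumption: below the new 1024-bit default
            else
                echo ok
            fi ;;
        *)  echo ok ;;        # not one of the two cases the reply flags
    esac
}

# Constructed sample config lines, not taken from a real system.
demo=$(mktemp)
printf '%s\n' '#O DHParameters' 'O DHParameters=5' > "$demo"
echo "sample config: $(check_dhparams "$demo")"
rm -f "$demo"
```

On a real host, run check_dhparams with no argument to inspect /etc/mail/sendmail.cf; a "weak" verdict corresponds to the setting the reply says to remove.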