Date: Thu, 18 Jun 2015 17:16:08 +0200 From: Peter Olsson <list-freebsd-announce@jyborn.se> To: Gregory Shapiro <gshapiro@gshapiro.net> Cc: FreeBSD Errata Notices <errata-notices@freebsd.org>, freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail Message-ID: <20150618151608.GB3755@pol-server.leissner.se> In-Reply-To: <20150618151032.GB42082@minime.local> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> <CA%2BE3k91zj4Tt5BQKNbE5dn1FvykCbn=E1xhFjrkU18jMnL6DCw@mail.gmail.com> <20150618132211.GO7234@pol-server.leissner.se> <20150618151032.GB42082@minime.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 18, 2015 at 08:10:33AM -0700, Gregory Shapiro wrote: > > > Did you (re)generate your dh.params file as noted in the Workaround section? > > > > No, because of this text under Solution: > > " > > A change to the raise the default for sendmail client connections to > > 1024-bit DH parameters has been committed. > > " > > > > As I understand it this would remove the need for generating > > the dh.params file? > > You do not need to regenerate dh.params with the patch unless you have > specifically set DHParameters in /etc/mail/sendmail.cf to a lower > strength. What is the output of: > > grep DHParam /etc/mail/sendmail.cf > > If it is set to a string beginning with '5' or a filename and that > file was generated using 512-bit strength, then remove that setting. I never changed or generated anything in the mail configuration on these servers, they use the default mc/cf files: $ grep DHParam /etc/mail/sendmail.cf # DHParameters (only required if DSA/DH is used) O DHParameters=/etc/mail/certs/dh.param $ ls -l /etc/mail/certs total 12 lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem -rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem -rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert -rw------- 1 root wheel 1704 31 Aug 2014 host.key Peter Olsson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150618151608.GB3755>