Date: Thu, 18 Jun 2015 17:16:08 +0200
From: Peter Olsson
To: Gregory Shapiro
Cc: FreeBSD Errata Notices, freebsd-stable
Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
List-Id: Production branch of FreeBSD source code

On Thu, Jun 18, 2015 at 08:10:33AM -0700, Gregory Shapiro wrote:
> > > Did you (re)generate your dh.params file as noted in the Workaround section?
> >
> > No, because of this text under Solution:
> > "
> > A change to the raise the default for sendmail client connections to
> > 1024-bit DH parameters has been committed.
> > "
> >
> > As I understand it this would remove the need for generating
> > the dh.params file?
>
> You do not need to regenerate dh.params with the patch unless you have
> specifically set DHParameters in /etc/mail/sendmail.cf to a lower
> strength.  What is the output of:
>
> grep DHParam /etc/mail/sendmail.cf
>
> If it is set to a string beginning with '5' or a filename and that
> file was generated using 512-bit strength, then remove that setting.

I never changed or generated anything in the mail configuration
on these servers, they use the default mc/cf files:

$ grep DHParam /etc/mail/sendmail.cf
# DHParameters (only required if DSA/DH is used)
O DHParameters=/etc/mail/certs/dh.param
$ ls -l /etc/mail/certs
total 12
lrwxr-xr-x  1 root  wheel    10 31 Aug  2014 4bc0b037.0 -> cacert.pem
-rw-r--r--  1 root  wheel  1326 31 Aug  2014 cacert.pem
-rw-r--r--  1 root  wheel  1375 31 Aug  2014 host.cert
-rw-------  1 root  wheel  1704 31 Aug  2014 host.key

Peter Olsson
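
The check discussed in this message, as an added shell example (not part of the original message and not FreeBSD or sendmail project code): it reads the active DHParameters option from a sendmail.cf and separates the cases in the thread, including an option that names a file which is not there. The function name check_dhparams, the verdict words, the 1024-bit floor (taken from the default quoted from the errata) and the use of "openssl dhparam" to measure a parameter file are assumptions of this example.

```sh
#!/bin/sh
# Added example: classify the DHParameters option of a sendmail.cf.
# Return status: 0 = nothing to change, 1 = needs attention, 2 = cannot read cf.
# check_dhparams, the verdict words and MIN_BITS are names chosen for this example.
MIN_BITS=1024   # assumption: the errata's new 1024-bit default is the floor

check_dhparams() {
    cf=${1:-/etc/mail/sendmail.cf}
    [ -r "$cf" ] || { echo "ERROR cannot read $cf"; return 2; }
    # Only active lines count ("O DHParameters=..."); "#O ..." is commented out.
    val=$(sed -n -e 's/[[:space:]]*$//' \
        -e 's/^O[[:space:]]*DHParameters[[:space:]]*=[[:space:]]*//p' "$cf" | tail -n 1)
    case $val in
        "") echo "UNSET no active DHParameters option"; return 0 ;;
        5*) echo "WEAK value '$val' begins with 5 (512-bit)"; return 1 ;;
        /*) ;;  # a file name, inspected below
        *)  echo "OTHER value '$val' is neither a 5... string nor a file"; return 0 ;;
    esac
    if [ ! -e "$val" ]; then
        # The case in the message above: option set, file absent from certs/.
        echo "MISSING $val is configured but does not exist"; return 1
    fi
    command -v openssl >/dev/null 2>&1 ||
        { echo "REVIEW $val exists but openssl is not installed"; return 1; }
    # openssl prints a header such as "DH Parameters: (1024 bit)".
    bits=$(openssl dhparam -in "$val" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$bits" ] || { echo "REVIEW $val is not parseable as DH parameters"; return 1; }
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WEAK $val holds $bits-bit parameters"; return 1
    fi
    echo "OK $val holds $bits-bit parameters"; return 0
}

# Constructed sample: same option line as in the message, pointing at a path
# that does not exist on the machine running this example.
demo_cf=$(mktemp)
printf '%s\n' '# DHParameters (only required if DSA/DH is used)' \
    'O DHParameters=/nonexistent/mail/certs/dh.param' > "$demo_cf"
check_dhparams "$demo_cf" || true
rm -f "$demo_cf"
```

The MISSING verdict only reports that the configured file is absent; which parameters sendmail then uses is not determined by this script.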