Site Navigation

Date:      Wed, 17 Jun 2015 03:23:45 +0000 (UTC)
From:      Gregory Neil Shapiro <gshapiro@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r284492 - stable/8
Message-ID:  <201506170323.t5H3NjKN093785@svn.freebsd.org>

---

index | next in thread | raw e-mail

---

Author: gshapiro
Date: Wed Jun 17 03:23:45 2015
New Revision: 284492
URL: https://svnweb.freebsd.org/changeset/base/284492

Log:
  Add a note regarding the change to sendmail'c default DH parameter size
  for client connections.

Modified:
  stable/8/UPDATING

Modified: stable/8/UPDATING
==============================================================================
--- stable/8/UPDATING	Wed Jun 17 03:22:18 2015	(r284491)
+++ stable/8/UPDATING	Wed Jun 17 03:23:45 2015	(r284492)
@@ -15,6 +15,14 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
 	debugging tools present in HEAD were left in place because
 	sun4v support still needs work to become production ready.
 
+20150615:
+	The latest version of openssl rejects TLS handshakes with DH
+	parameters below 768 bits.  sendmail releases prior to 8.15.2
+	(not yet released), defaulted to a 512 bit DH parameter setting
+	for client connections.  To improve interoperability, the
+	sendmail default for client connections has been raised to
+	1024 bits.
+
 20140216:
 	The nve(4) driver for NVIDIA nForce MCP Ethernet adapters has
 	been deprecated and will not be part of FreeBSD 11.0 and later

home | help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201506170323.t5H3NjKN093785>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact