From owner-freebsd-questions@freebsd.org  Sun Mar 19 22:40:28 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2D0C1D13D7A
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sun, 19 Mar 2017 22:40:28 +0000 (UTC)
 (envelope-from matthew@FreeBSD.org)
Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk
 [81.2.117.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.infracaninophile.co.uk",
 Issuer "infracaninophile.co.uk" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id B0D17880
 for <freebsd-questions@freebsd.org>; Sun, 19 Mar 2017 22:40:27 +0000 (UTC)
 (envelope-from matthew@FreeBSD.org)
Received: from liminal.local (unknown
 [IPv6:2001:8b0:151:1:1c1d:86a1:a200:b700])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: m.seaman@infracaninophile.co.uk)
 by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id EA90210D28
 for <freebsd-questions@freebsd.org>; Sun, 19 Mar 2017 22:40:15 +0000 (UTC)
Authentication-Results: smtp.infracaninophile.co.uk;
 dmarc=none header.from=FreeBSD.org
Authentication-Results: smtp.infracaninophile.co.uk/EA90210D28;
 dkim=none; dkim-atps=neutral
Subject: Re: how do I get STARTTLS working with sendmail on FreeBSD 10.3 ?
To: freebsd-questions@freebsd.org
References: <CAFsnNZLNVqA3PwUavhi62Orqg7i-OEsKo9m2Hsj0dwi+3iELmg@mail.gmail.com>
 <e0147881-7d8f-3153-a179-24a0daf1f354@FreeBSD.org>
 <CY1PR20MB036341B1330E2A76B2884BBA803B0@CY1PR20MB0363.namprd20.prod.outlook.com>
From: Matthew Seaman <matthew@FreeBSD.org>
Message-ID: <621229dc-df78-30c8-f53c-b9b6820ab3c3@FreeBSD.org>
Date: Sun, 19 Mar 2017 22:40:09 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0)
 Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CY1PR20MB036341B1330E2A76B2884BBA803B0@CY1PR20MB0363.namprd20.prod.outlook.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="7I01nXetlMSXvN70ILJ3jqaCWfnhIdBrL"
X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE,
 SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 smtp.infracaninophile.co.uk
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 22:40:28 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7I01nXetlMSXvN70ILJ3jqaCWfnhIdBrL
Content-Type: multipart/mixed; boundary="B6uTpomETdS7N4NtHIGO2bVNDaLcrpDoP";
 protected-headers="v1"
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Message-ID: <621229dc-df78-30c8-f53c-b9b6820ab3c3@FreeBSD.org>
Subject: Re: how do I get STARTTLS working with sendmail on FreeBSD 10.3 ?
References: <CAFsnNZLNVqA3PwUavhi62Orqg7i-OEsKo9m2Hsj0dwi+3iELmg@mail.gmail.com>
 <e0147881-7d8f-3153-a179-24a0daf1f354@FreeBSD.org>
 <CY1PR20MB036341B1330E2A76B2884BBA803B0@CY1PR20MB0363.namprd20.prod.outlook.com>
In-Reply-To: <CY1PR20MB036341B1330E2A76B2884BBA803B0@CY1PR20MB0363.namprd20.prod.outlook.com>

--B6uTpomETdS7N4NtHIGO2bVNDaLcrpDoP
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 19/03/2017 15:16, Gerard Seibert wrote:
> On Sun, 19 Mar 2017 14:34:34 +0000, Matthew Seaman stated:
>=20
>> The dh.param file you can generate by:
>>
>>   openssl dHParam -outform PEM -out dh.param 2048
>=20
> Are you sure about that command? I receive the following error message:=

>=20
> openssl dHParam -outform PEM -out dh.param 2048
> openssl:Error: 'dHParam' is an invalid command.
>=20
> However, using lower case, ie. 'dhparam' works fine.
>=20

Ooops.  Perils of copying from the web without checking everything
yourself.  I knew the command was /something/ like that, but clearly the
details escaped me.

Oh, and while you're thinking about DH parameters, consulting this site
should prove illuminating: https://www.weakdh.org/

	Cheers,

	Matthew


--B6uTpomETdS7N4NtHIGO2bVNDaLcrpDoP--

--7I01nXetlMSXvN70ILJ3jqaCWfnhIdBrL
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJYzwjPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATNLQQALAdWL9YKhyglKPGfyDs51Wq
JWMr2NKbFVdEb/my/m2ksY4UsH88q9u3JcUKbGuL2yVdbo5pJ+wpljM0BeKe1eqq
2YhWRWQ5DMRM8cW4MrWDfbZBcgPvZmz2BBIrXtk6t4Yv0bXCwkSaFRgfgUfxoGPu
wZJzV6AlpN5hqJ5Hat22CUAFdelRru27RK/kuhh55xn2kzAX3VaLKVDfT0qXnz9Y
CQbEjYKE84JiBNy/hin5FxJilf01Ns7MHwgMKj559jWiynFb1PFYtwjXkhKu972+
gbFxNjhHnzAJLz4UsWIX6jBRitWQBz3OoQ1n1Fu3kYI40eRepD0J+IrsuIL5zyTP
BrOXPWL3aaaSiNuP/gpr06a8tEAOUn94zW9lSo9iaHj2yi8MxRGmM8Om7gnOzvtK
jlC9B+F+FXw7CAJumEeDnYnp3NPMFYwrwe2ePjCJefSW5HFkH0IaIiduq/fBSL+z
IzqczR8sEulIcvCvGByfOBe7fckNd3lEqBohBVjQ2WV2WH1VrcBUTzl3xm03Ozay
DV9HqYlHA1nere3ZZ0rOog7xVMLgV18+KK1a/fw3Ne/cFObdBintigPneRLKahAF
x+mzVltBq3a29OVTuwKNA9En6bPFS3hvyKZh+nMKATO559pILmROpWabVXQtNk1d
DVkQJd6ITTt6KcRc4XS+
=teJi
-----END PGP SIGNATURE-----

--7I01nXetlMSXvN70ILJ3jqaCWfnhIdBrL--