Date: Sun, 14 Jun 2015 13:50:32 -0400 (EDT)
From: Frank Seltzer <frank_s@bellsouth.net>
To: Gregory Shapiro <gshapiro@gshapiro.net>
Cc: freebsd-stable@freebsd.org
Subject: Re: Sendmail problem after upgrade to r284296
Message-ID: <alpine.BSF.2.20.1506141333131.852@Ace.nina.org>
In-Reply-To: <20150614165507.GD95564@minime.local>
References: <alpine.BSF.2.20.1506141014130.852@Ace.nina.org> <20150614165507.GD95564@minime.local>

On Sun, 14 Jun 2015, Gregory Shapiro wrote:

> The new OpenSSL eliminated small DHParam support. That leaves two possibilities:
>
> 1. The remote side you are talking to is using a small value. The best thing to do would be to eliminate the DH ciphers from your settings. See the docs for the CipherList setting.

Both machines are on my home network. Both have default settings.

> 2. Your side is using a small value. Double check your setting:
>
>> grep DHParam /etc/mail/sendmail.cf
> # DHParameters (only required if DSA/DH is used)
> #O DHParameters

# DHParameters (only required if DSA/DH is used)
O DHParameters=/etc/mail/certs/dh.param

# DHParameters (only required if DSA/DH is used)
O DHParameters=/etc/mail/certs/dh.param

Again, default values, no changes to the installed files made.

> If that is set to '5' (or a string beginning with 5) or a filename which was created with a 512 bit DHParam, change it to '2' (2048) or a newly created file using 'openssl dhparam -out /path/to/file 2048'. In your /etc/mail/`hostname`.mc file, this setting will show as confDH_PARAMETERS.
>
> Also note that the first version of the openssl fix included an ABI issue and a new version was released. Make sure you are using the latest version.

root@Shop:/etc/mail/certs # openssl version
OpenSSL 1.0.1n-freebsd 11 Jun 2015
root@Shop:/etc/mail/certs # svnlite info /usr/src/
Path: /usr/src
Working Copy Root Path: /usr/src
URL: svn://ace/src/stable/10
Relative URL: ^/stable/10
Repository Root: svn://ace/src
Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Revision: 284296
Node Kind: directory
Schedule: normal
Last Changed Author: jkim
Last Changed Rev: 284285
Last Changed Date: 2015-06-11 15:07:45 -0400 (Thu, 11 Jun 2015)

root@Ace:/usr/ports # openssl version
OpenSSL 1.0.1n-freebsd 11 Jun 2015
root@Ace:/usr/ports # svnlite info /usr/src/
Path: /usr/src
Working Copy Root Path: /usr/src
URL: svn://ace/src/stable/10
Relative URL: ^/stable/10
Repository Root: svn://ace/src
Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Revision: 284296
Node Kind: directory
Schedule: normal
Last Changed Author: jkim
Last Changed Rev: 284285
Last Changed Date: 2015-06-11 15:07:45 -0400 (Thu, 11 Jun 2015)

Has anything changed since then? Does this revision have the openssl changes?
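
The check described in the quoted reply, written out as an added example (not code from this thread or from sendmail): it finds the active DHParameters line in sendmail.cf and reports the prime size, reading it from the PEM file when the value is a path. The sample config and the 512-bit parameter block are constructed; only the '5' and '2' shorthand values named in the reply are handled, and comparing against 2048 is this example's choice.

```python
import base64
import re

RECOMMENDED_BITS = 2048  # the size the quoted reply says to move to

def active_dhparam(cf_text):
    """Value of the last uncommented 'O DHParameters=' line, or None."""
    value = None
    for line in cf_text.splitlines():
        m = re.match(r"O\s+DHParameters\s*=\s*(\S+)", line)
        if m:
            value = m.group(1)
    return value

def _der_len(buf, i):
    """Decode the DER length at buf[i]; return (length, offset of contents)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def pem_prime_bits(pem_text):
    """Bit length of p in a PEM block holding SEQUENCE { INTEGER p, INTEGER g }."""
    m = re.search(r"-+BEGIN DH PARAMETERS-+(.+?)-+END DH PARAMETERS-+", pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block")
    der = base64.b64decode("".join(m.group(1).split()))
    _, i = _der_len(der, 1)          # skip the outer SEQUENCE header
    if der[0] != 0x30 or der[i] != 0x02:
        raise ValueError("expected SEQUENCE starting with INTEGER p")
    n, i = _der_len(der, i + 1)
    return int.from_bytes(der[i:i + n], "big").bit_length()

def dh_bits(value, read=lambda path: open(path).read()):
    """Prime size in bits for a DHParameters value ('5', '2' or a file path)."""
    if value.startswith("5"):
        return 512                   # per the reply
    if value.startswith("2"):
        return 2048                  # per the reply
    if value.startswith("/"):
        return pem_prime_bits(read(value))
    raise ValueError("value not covered by this example: " + value)

# Constructed samples: the sendmail.cf lines shown in the thread, and a 512-bit
# parameter block with p = 2^511 + 1 (not a real prime; only its size matters).
SAMPLE_CF = ("# DHParameters (only required if DSA/DH is used)\n"
             "#O DHParameters\nO DHParameters=/etc/mail/certs/dh.param\n")
SAMPLE_PEM = ("-----BEGIN DH PARAMETERS-----\nMEYCQQCA" + "A" * 80
              + "AAABAgEC\n-----END DH PARAMETERS-----\n")

if __name__ == "__main__":
    bits = dh_bits(active_dhparam(SAMPLE_CF), read=lambda path: SAMPLE_PEM)
    print(bits, "regenerate at 2048" if bits < RECOMMENDED_BITS else "ok")
```

On a live system the same size is shown by `openssl dhparam -in <file> -text -noout`.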