MFC: An additional fix for the openssl Weak DH remediation:

The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits.  sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.

The first fix committed last week changed the default to 1024 bits.

This commit fixes the case where the DHParameters option is set to a
file which doesn't exist, which is the case on newer versions of
FreeBSD which enable STARTTLS by default by auto-creating TLS
certificates.
Gregory Neil Shapiro 2015-06-25 01:49:44 +00:00
parent 0c24b26c2b
commit 198a517774
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/stable/10/; revision=284786


@ -1935,7 +1935,7 @@ struct termescape
/* server requirements */
#define TLS_I_SRV (TLS_I_SRV_CERT | TLS_I_RSA_TMP | TLS_I_VRFY_PATH | \
TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH512 | \
TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH1024 | \
TLS_I_CACHE)
/* client requirements */
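Review bot: The change of TLS_I_DH512 to TLS_I_DH1024 inside the TLS_I_SRV definition carries no comment explaining why the server requirement bit was raised; a one-line note at the macro saying the minimum follows the rejection of DH parameters below 768 bits introduced by the FreeBSD-SA-15:10.openssl import (as the commit message states) would make the intent clear to the next reader. The commit message also describes the DHParameters-set-to-a-missing-file case, but this hunk only raises the server-side requirement, so it is worth confirming that the `/* client requirements */` definition that follows was already moved to 1024 bits by the earlier fix so the two macros stay consistent.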