Gregory Shapiro
2015-Jun-18 15:10 UTC
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
> > Did you (re)generate your dh.params file as noted in the Workaround section?
>
> No, because of this text under Solution:
> "
> A change to the raise the default for sendmail client connections to
> 1024-bit DH parameters has been committed.
> "
>
> As I understand it this would remove the need for generating
> the dh.params file?

You do not need to regenerate dh.params with the patch unless you have
specifically set DHParameters in /etc/mail/sendmail.cf to a lower
strength. What is the output of:

grep DHParam /etc/mail/sendmail.cf

If it is set to a string beginning with '5' or a filename and that
file was generated using 512-bit strength, then remove that setting.

Peter Olsson
2015-Jun-18 15:16 UTC
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
On Thu, Jun 18, 2015 at 08:10:33AM -0700, Gregory Shapiro wrote:
> > > Did you (re)generate your dh.params file as noted in the Workaround section?
> >
> > No, because of this text under Solution:
> > "
> > A change to the raise the default for sendmail client connections to
> > 1024-bit DH parameters has been committed.
> > "
> >
> > As I understand it this would remove the need for generating
> > the dh.params file?
>
> You do not need to regenerate dh.params with the patch unless you have
> specifically set DHParameters in /etc/mail/sendmail.cf to a lower
> strength. What is the output of:
>
> grep DHParam /etc/mail/sendmail.cf
>
> If it is set to a string beginning with '5' or a filename and that
> file was generated using 512-bit strength, then remove that setting.

I never changed or generated anything in the mail configuration
on these servers, they use the default mc/cf files:

$ grep DHParam /etc/mail/sendmail.cf
# DHParameters (only required if DSA/DH is used)
O DHParameters=/etc/mail/certs/dh.param
$ ls -l /etc/mail/certs
total 12
lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem
-rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem
-rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert
-rw------- 1 root wheel 1704 31 Aug 2014 host.key

Peter Olsson
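
The check discussed in this thread, scripted as an added example that is not part of the original messages: it reads the active DHParameters line (skipping the commented one seen in the grep output), flags a value beginning with '5', and for a filename reports a missing file or measures the parameter size. The function names and result labels are this example's own, and it assumes `openssl dhparam` is installed for the size check.

```shell
#!/bin/sh
# Added example (not from the thread): audit DHParameters in a sendmail.cf.
# Function names and result labels are this example's own.

# Print the value of the last active "O DHParameters=" line. Comment lines
# such as "# DHParameters (only required ...)" do not match the pattern.
dhparam_setting() {
    sed -n 's/^O[[:space:]]*DHParameters=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
        tail -n 1
}

# Print the prime size in bits of a DH parameter file (needs openssl).
dhparam_bits() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Classify the setting. Prints one of:
#   unset | weak-builtin | file-missing | file-unparsed |
#   weak-file:<bits> | file:<bits> | other:<value>
audit_dhparam() {
    value=$(dhparam_setting "$1")
    case "$value" in
        "") echo "unset" ;;
        5*) echo "weak-builtin" ;;          # string beginning with '5'
        /*)                                  # absolute path to a parameter file
            if [ ! -e "$value" ]; then
                echo "file-missing"
            else
                bits=$(dhparam_bits "$value")
                if [ -z "$bits" ]; then echo "file-unparsed"
                elif [ "$bits" -lt 1024 ]; then echo "weak-file:$bits"
                else echo "file:$bits"
                fi
            fi ;;
        *) echo "other:$value" ;;
    esac
}

# Report on the given file, or on /etc/mail/sendmail.cf when it is readable.
CF=${1:-/etc/mail/sendmail.cf}
if [ -r "$CF" ]; then
    echo "$CF: $(audit_dhparam "$CF")"
fi
```

On a configuration like the one posted above, where the setting names /etc/mail/certs/dh.param but the directory listing shows no such file, the result is `file-missing`.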