The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits.  sendmail releases prior to 8.15.2 (not yet released)
defaulted to a 512 bit DH parameter setting for client connections.
This commit changes that default to 1024 bits.  sendmail 8.15.2, when
released, will use a default of 2048 bits.

MFC after:	1 day
This commit is contained in:
Gregory Neil Shapiro 2015-06-16 02:58:50 +00:00
parent ccc785556c
commit d815a37dda


@ -650,7 +650,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
** 1024 generate 1024 bit parameters ** 1024 generate 1024 bit parameters
** 2048 generate 2048 bit parameters ** 2048 generate 2048 bit parameters
** /file/name read parameters from /file/name ** /file/name read parameters from /file/name
** default is: 1024 for server, 512 for client (OK? XXX) ** default is: 1024
*/ */
if (bitset(TLS_I_TRY_DH, req)) if (bitset(TLS_I_TRY_DH, req))
@ -676,8 +676,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
} }
if (dhparam == NULL) if (dhparam == NULL)
{ {
dhparam = srv ? "1" : "5"; dhparam = "1";
req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); req |= TLS_I_DH1024;
} }
else if (*dhparam == '/') else if (*dhparam == '/')
{ {
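Review bot: The new default at `dhparam = "1"; req |= TLS_I_DH1024;` in the second hunk pins 1024-bit DH parameters for both roles, while the option list in the first hunk already documents a 2048-bit setting and the commit message says 8.15.2 will default to it; if the 2048-bit branch of this function is already wired up (it is not visible in either hunk), defaulting to it here would avoid a second default change and match the announced release behaviour. The rewritten comment in the first hunk also drops the reason for the number; `** default is: 1024 for both server and client (512 bit DH is rejected by current OpenSSL)` would keep the rationale next to the value. With the `srv` distinction removed from this branch, a reader may wonder whether `srv` still influences the DH setup elsewhere in the function, and a one-line comment would settle that. inittls() starts and ends outside these hunks.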