On Mon, Jun 15, 2015 at 5:22 AM, Frank Seltzer <fran...@bellsouth.net> wrote:
> On Sun, 14 Jun 2015, Gregory Shapiro wrote:
>
>>> I created it per your instructions. See above about it not existing
>>> previously.
>>
>> Oh, sorry for the confusion. Seems an emergency patch is in order to
>> change the default.
>>
>> Would you be willing to test this patch (apply, build, install, remove
>> dh.params file, and restart)?
>>
>> The patch changes the client and server default to 2048 (previous 512 and
>> 1024) to help mitigate LogJam/WeakDH.
>>
>> Index: src/tls.c >> =================================================================== >> --- src/tls.c (revision 284402) >> +++ src/tls.c (working copy) >> @@ -676,8 +676,8 @@ >> } >> if (dhparam == NULL) >> { >> - dhparam = srv ? "1" : "5"; >> - req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); >> + dhparam = "2"; >> + req |= TLS_I_DH2048; >> } >> else if (*dhparam == '/') >> {
>>
>
> Do you mean just build and install sendmail or world and kernel? I can do
> world and kernel if you want me to, it only takes about 2 hours to build
> world and 20 minutes to build the kernel so it's no big deal. I'll need
> instruction on how to patch the file though, I've never done it before.
>

No need to rebuild the kernel (this is a patch to sendmail and is not tied
to the kernel in any way) or world. Just rebuild sendmail.

# cd /usr/src/contrib/sendmail
# patch < PATCHFILE (or edit the file by hand)
# cd /usr/src/usr.sbin/sendmail
# make obj
# make clean
# make
# make install

That should do it.
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkober...@gmail.com
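
Review bot: At `dhparam = "2";` the new default is a bare magic string with no comment, and the `srv ?` distinction is dropped without explanation; add a short comment stating that "2" pairs with TLS_I_DH2048 and that client and server now deliberately share one default. The change also only takes effect inside `if (dhparam == NULL)`, so a configuration that sets the option explicitly or points at a file (the `*dhparam == '/'` branch) keeps whatever size it already uses; the commit message or release note should say so, which is also why the test steps ask for the dh.params file to be removed.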