CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2011/03/15 13:24:55
Modified files:
usr.sbin/smtpd : smtp.c smtpd.c smtpd.conf.5 smtpd.h ssl.c
Log message:
let smtpd use user-provided Diffie-Hellman parameters for ephemeral key
exchange. if no DH parameters are found, fallback to builtin parameters
as was done until now.
since we now accept user-provided DH parameters, make smtpd more strict
and fatal() if the parameters are bogus.
bump the key size of the DH parameters from 512bits to 1024bits, it might
be bumped further after some more research.
thanks to mikeb@ for his suggestions
diff ok mikeb@ , man ok jmc@
