On Tue, 2015-06-16 at 02:58 +0000, Gregory Neil Shapiro wrote: > Author: gshapiro > Date: Tue Jun 16 02:58:50 2015 > New Revision: 284436 > URL: https://svnweb.freebsd.org/changeset/base/284436 > > Log: > The import of openssl to address the FreeBSD-SA-15:10.openssl security > advisory includes a change which rejects handshakes with DH parameters > below 768 bits. sendmail releases prior to 8.15.2 (not yet released), > defaulted to a 512 bit DH parameter setting for client connections. > This commit chages that default to 1024 bits. sendmail 8.15.2, when > released well use a default of 2048 bits.
If upstream will be using 2048 bits, why not simply use that? -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
signature.asc
Description: This is a digitally signed message part