diff options
| author | delphij <delphij@FreeBSD.org> | 2015-06-18 05:36:45 +0000 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2015-06-18 05:36:45 +0000 |
| commit | c77d1b2ce7c2c919cbc3d61d52132d7c88d6bc21 (patch) | |
| tree | 1fca439ce450c4e0692adc0e0b882ce056ae301d /sys/conf | |
| parent | 17b1c22cf566ffc540a06c72a7e24903d70bdbbc (diff) | |
| download | FreeBSD-src-c77d1b2ce7c2c919cbc3d61d52132d7c88d6bc21.zip FreeBSD-src-c77d1b2ce7c2c919cbc3d61d52132d7c88d6bc21.tar.gz | |
Raise the default for sendmail client connections to 1024-bit DH
parameters to imporve TLS/DH interoperability with newer SSL/TLS
suite, notably OpenSSL after FreeBSD 10.1-RELEASE-p12 (FreeBSD-
SA-15:10.openssl).
This is MFC of r284436 (gshapiro), the original commit message
was:
===
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit chages that default to 1024 bits. sendmail 8.15.2, when
released well use a default of 2048 bits.
===
Reported by: Frank Seltzer
Errata Notice: FreeBSD-EN-15:08.sendmail
Approved by: so
Diffstat (limited to 'sys/conf')
| -rw-r--r-- | sys/conf/newvers.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index cba1d4e..25f4bae 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.1" -BRANCH="RELEASE-p12" +BRANCH="RELEASE-p13" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi |
