From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 21:36:51 2015
Date: Mon, 15 Jun 2015 21:36:52 +0000 (GMT)
From: jenkins-admin@freebsd.org
To: jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-i386@FreeBSD.org
Subject: $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS
X-Jenkins-Job: FreeBSD_STABLE_10-i386
X-Jenkins-Result: FAILURE

$PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS:

Check console output at $BUILD_URL to view the results.

From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 03:05:10 2015
Date: Mon, 15 Jun 2015 20:05:06 -0700
From: Gregory Shapiro
To: Frank Seltzer
Cc: freebsd-stable@freebsd.org
Subject: Re: Sendmail problem after upgrade to r284296

The change of default has been committed to HEAD and will be MFC'ed in the next day or two. Likewise, UPDATING from HEAD has been updated with:

20150615:
The fix for the issue described in the 20150614 sendmail entry below has been committed in revision 284436. The work around described in that entry is no longer needed unless the default setting is overridden by a confDH_PARAMETERS configuration setting of '5' or pointing to a 512 bit DH parameter file.

On Mon, Jun 15, 2015 at 08:22:24AM -0400, Frank Seltzer wrote:
> On Sun, 14 Jun 2015, Gregory Shapiro wrote:
>
> >>I created it per your instructions. See above about it not existing
> >>previously.
> >
> >Oh, sorry for the confusion. Seems an emergency patch is in order to change the default.
> >
> >Would you be willing to test this patch (apply, build, install, remove dh.params file, and restart)?
> >
> >The patch changes the client and server default to 2048 (previous 512 and 1024) to help mitigate LogJam/WeakDH.
> >
> >Index: src/tls.c > >=================================================================== > >--- src/tls.c (revision 284402) > >+++ src/tls.c (working copy) 
> >@@ -676,8 +676,8 @@ > > } > > if (dhparam == NULL) > > { > >- dhparam = srv ? "1" : "5"; > >- req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); > >+ dhparam = "2"; > >+ req |= TLS_I_DH2048; > > } > > else if (*dhparam == '/') > > { 
>
> Do you mean just build and install sendmail or world and kernel? I can do
> world and kernel if you want me to, it only takes about 2 hours to build
> world and 20 minutes to build the kernel so it's no big deal. I'll need
> instruction on how to patch the file though, I've never done it before.
>
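
Review bot: The new default in the `if (dhparam == NULL)` branch only covers the unset case, so a configuration that explicitly sets confDH_PARAMETERS to '5', or names a file handled by the `else if (*dhparam == '/')` case that follows, can still end up with 512-bit DH after this change. I would suggest logging a warning when the configured value selects parameters that small, so such overrides are visible after the upgrade. A short comment above `dhparam = "2";` saying that client and server now share one 2048-bit default would also help, since the `srv` distinction made by the removed lines is gone.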
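
A check for the condition the 20150615 UPDATING entry describes, as an added example that is not part of the thread or of sendmail: it reads an .mc file and reports whether a confDH_PARAMETERS override still selects DH parameters below 2048 bits. The function names, the sample file and the `openssl dhparam` lookup for file paths are assumptions of this example; the value-to-size mapping is the one visible in the quoted patch.

```shell
#!/bin/sh
# Added example (not from the thread): report which DH size an .mc file's
# confDH_PARAMETERS setting selects. The value-to-size mapping ("5" -> 512,
# "1" -> 1024, "2" -> 2048) is the one visible in the quoted patch.

# Print the last confDH_PARAMETERS value defined in the .mc file, if any.
mc_dh_setting() {
    sed -n "s/^define(\`confDH_PARAMETERS',[[:space:]]*\`\([^']*\)').*/\1/p" "$1" |
        tail -n 1
}

# Map a setting to a DH size in bits; an empty setting means "not overridden".
dh_bits() {
    case "$1" in
        ""|2) echo 2048 ;;      # default after revision 284436
        1)    echo 1024 ;;
        5)    echo 512 ;;
        /*)   bits=$(openssl dhparam -in "$1" -noout -text 2>/dev/null |
                     sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
              echo "${bits:-unknown}" ;;
        *)    echo unknown ;;
    esac
}

# Exit status: 0 = 2048 bits or more, 1 = smaller, 2 = could not determine.
audit_mc() {
    setting=$(mc_dh_setting "$1")
    size=$(dh_bits "$setting")
    if [ "$size" = unknown ]; then
        echo "CHECK confDH_PARAMETERS='$setting': size not determined"
        return 2
    elif [ "$size" -lt 2048 ]; then
        echo "WEAK confDH_PARAMETERS='$setting': $size-bit DH"
        return 1
    fi
    echo "OK ${setting:-default}: $size-bit DH"
}

# Constructed sample: a hypothetical .mc file that still overrides the default.
sample=$(mktemp)
printf '%s\n' "define(\`confDH_PARAMETERS', \`5')dnl" > "$sample"
audit_mc "$sample" || true      # prints: WEAK confDH_PARAMETERS='5': 512-bit DH
rm -f "$sample"
```
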