From: Gregory Shapiro
To: Shawn Webb
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Date: Tue, 16 Jun 2015 17:26:48 -0700
Subject: Re: svn commit: r284436 - head/contrib/sendmail/src
Message-ID: <20150617002637.GN96521@C02N93Y5G3QT.corp.proofpoint.com>
In-Reply-To: <1434487758.5828.6.camel@hardenedbsd.org>

> > This commit changes that default to 1024 bits. sendmail 8.15.2, when
> > released will use a default of 2048 bits.
>
> If upstream will be using 2048 bits, why not simply use that?

The upstream is going to do this with a precomputed 2048 bit DH
parameter. To keep this interim fix simple and not a performance
degradation, I went with a run-time generated 1024 bit. Sites which
wish to use 2048 run time can override the default in their
configuration. Likewise, when 8.15.2 is imported, sites that prefer
not to use a precomputed DH parameter can create their own by
overriding the default to use a run-time or their own precomputed (but
"unique") using a DH parameter file on the local file system.