Date: Sun, 14 Jun 2015 21:22:31 -0700
From: Gregory Shapiro <gshapiro@gshapiro.net>
To: Frank Seltzer <frank_s@bellsouth.net>
Cc: freebsd-stable@freebsd.org
Subject: Re: Sendmail problem after upgrade to r284296
Message-ID: <20150615042231.GF21822@minime.local>
In-Reply-To: <20150615032333.GE21822@minime.local>
References: <alpine.BSF.2.20.1506141014130.852@Ace.nina.org> <20150614165507.GD95564@minime.local> <alpine.BSF.2.20.1506141333131.852@Ace.nina.org> <20150614180142.GE95564@minime.local> <alpine.BSF.2.20.1506141952140.853@Ace.nina.org> <20150615013517.GA19755@minime.local> <alpine.BSF.2.20.1506142236490.853@Ace.nina.org> <20150615032333.GE21822@minime.local>

On Sun, Jun 14, 2015 at 08:23:33PM -0700, Gregory Shapiro wrote:
> > I created it per your instructions. See above about it not existing
> > previously.
>
> Oh, sorry for the confusion.

Seems an emergency patch is in order to change the default. For now, I've added an UPDATING entry:

+20150614: + The import of openssl to address the FreeBSD-SA-15:10.openssl + security advisory includes a change which rejects handshakes + with DH parameters below 768 bits. sendmail releases prior + to 8.15.2 (not yet released), defaulted to a 512 bit + DH parameter setting for client connections. To work around + this interoperability, sendmail can be configured to use a + 2048 bit DH parameter by: + + 1. Edit /etc/mail/`hostname`.mc + 2. If a setting for confDH_PARAMETERS does not exist or + exists and is set to a string beginning with '5', + replace it with '2'. + 3. If a setting for confDH_PARAMETERS exists and is set to + a file path, create a new file with: + openssl dhparam -out /path/to/file 2048 + 4. Rebuild the .cf file: + cd /etc/mail/; make; make install + 5. Restart sendmail: + cd /etc/mail/; make restart + + A sendmail patch is coming, at which time this file will be + updated.
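
Review bot: Step 2 says to "replace it with '2'" even for the case where confDH_PARAMETERS "does not exist", where there is nothing to replace; word that case as adding the setting and show the full .mc line the reader should end up with. Step 3 tells the reader to "create a new file" at /path/to/file but does not say whether that is the path already configured or a new one that confDH_PARAMETERS must then be changed to point at, and since the entry puts the rejection threshold at 768 bits it could note that a configured file already at or above that size needs no regeneration. In the opening paragraph, "To work around this interoperability" is missing its noun (for example "problem"), and the comma after "(not yet released)" should go.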