Re: [exim] [exim-dev] Exim 4.80 RC7 uploaded

Author: Phil Pennock
Date:  
To: W B Hacker
CC: exim users, Wolfgang Breyha
Subject: Re: [exim] [exim-dev] Exim 4.80 RC7 uploaded
On 2012-05-30 at 23:44 +0000, W B Hacker wrote:
> Sorry - I see that cure as worse than the disease.
>
> Potentially FAR worse.
>
> Who is expecting to even need to look at it as part of an upgrade when
> the default had not been broken?
You're quite right.

I thought that this was a *new* check as part of the revamp and that
before there was no minimum bound. I changed so many things I've lost
track.

In fact, *before* changing we had:

  #define DH_BITS      1024
  /* ... */
  gnutls_dh_set_prime_bits(session, DH_BITS);
That's the function call which changes the minimum. So this is *not* a
regression and Exim 4.77 would have been rejecting this too!

Excellent news. I'll revert the change. Wolfgang, if you want to talk
TLS to those folks, you're still able to do so. The
EXIM_CLIENT_DH_MIN_BITS compile-time constant is exposed to
Local/Makefile, and has been since I added it. It wasn't documented, as
it's rather esoteric.

I'll still make it a configure option for 4.81, so I won't document
EXIM_CLIENT_DH_MIN_BITS in spec.txt now, since it's likely to go away
again. Or be repurposed to be the lower bound with a default of 512
while the actual run-time option defaults to 1024.

-Phil