Re: [exim] [exim-dev] Exim 4.80 RC7 uploaded

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M+\W B Hacker at <-
MMMAndreas Metzler at ->
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: W B Hacker, exim users, Wolfgang Breyha
Subject: Re: [exim] [exim-dev] Exim 4.80 RC7 uploaded
On 2012-05-30 at 20:38 -0400, Phil Pennock wrote:
> Excellent news. I'll revert the change. Wolfgang, if you want to talk
> TLS to those folks, you're still able to do so. The
> EXIM_CLIENT_DH_MIN_BITS compile-time constant is exposed to
> Local/Makefile, and has been since I added it. It wasn't documented, as
> it's rather esoteric.

Oh right. I put a sanity bound on it. 1000 minimum.

This becomes EXIM_CLIENT_DH_MIN_MIN_BITS and
EXIM_CLIENT_DH_DEFAULT_MIN_BITS in git (shortly), set to 512 and 1024.
Thus the SMTP transport option "tls_dh_min_bits" defaults to 1024 and
can be set as low as 512, if you're crazy. Or raised, if you care.

It's an integer, not expanded, so if someone wants different values,
they'll have to use different transports; remote_smtp_secure vs
remote_smtp, and putting a whitelist of domains using the former, for
instance.

I would be surprised if as many as 0.01% of the user-base ever touch
this.

-Phil

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] exim delivery process hang at 100% cpuRe: [exim] exim delivery process hang at 100% cpu->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)