Author: Phil Pennock Date: To: W B Hacker, exim users, Wolfgang Breyha Subject: Re: [exim] [exim-dev] Exim 4.80 RC7 uploaded
On 2012-05-30 at 20:38 -0400, Phil Pennock wrote: > Excellent news. I'll revert the change. Wolfgang, if you want to talk
> TLS to those folks, you're still able to do so. The
> EXIM_CLIENT_DH_MIN_BITS compile-time constant is exposed to
> Local/Makefile, and has been since I added it. It wasn't documented, as
> it's rather esoteric.
Oh right. I put a sanity bound on it. 1000 minimum.
This becomes EXIM_CLIENT_DH_MIN_MIN_BITS and
EXIM_CLIENT_DH_DEFAULT_MIN_BITS in git (shortly), set to 512 and 1024.
Thus the SMTP transport option "tls_dh_min_bits" defaults to 1024 and
can be set as low as 512, if you're crazy. Or raised, if you care.
It's an integer, not expanded, so if someone wants different values,
they'll have to use different transports; remote_smtp_secure vs
remote_smtp, and putting a whitelist of domains using the former, for
instance.
I would be surprised if as many as 0.01% of the user-base ever touch
this.