Re: [exim] [exim-dev] Exim 4.80 RC7 uploaded

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [exim] [exim-dev] Exim 4.80 RC7 uploaded
Phil Pennock <pdp@???> wrote:
[...]
> I thought that this was a *new* check as part of the revamp and that
> before there was no minimum bound. I changed so many things I've lost
> track.


> In fact, *before* changing we had:


>  #define DH_BITS      1024
>  /* ... */
>  gnutls_dh_set_prime_bits(session, DH_BITS);


> That's the function call which changes the minimum. So this is *not* a
> regression and Exim 4.77 would have been rejecting this too!

[...]

Hello,

it should have afaict from the code, however it did not as can be
tested when trying to connect to such a broken host. (See
http://bugs.debian.org/676563)

I am posting this information here for completeness sake, IMHO the
solution in GIT (keep 1024 limit, but add tls_dh_min_bits SMTP transport
option) is perfectly fine. Which is why we have applied the patch
to Debian's exim package.

cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'