Phil Pennock <pdp@???> wrote:
[...]
> I thought that this was a *new* check as part of the revamp and that
> before there was no minimum bound. I changed so many things I've lost
> track.
> In fact, *before* changing we had:
> #define DH_BITS 1024
> /* ... */
> gnutls_dh_set_prime_bits(session, DH_BITS);
> That's the function call which changes the minimum. So this is *not* a
> regression and Exim 4.77 would have been rejecting this too!
[...]
Hello,
It should have, afaict from the code; however, it did not, as can be
tested when trying to connect to such a broken host. (See
http://bugs.debian.org/676563)
I am posting this information here for completeness' sake. IMHO the
solution in Git (keep 1024 limit, but add tls_dh_min_bits SMTP transport
option) is perfectly fine, which is why we have applied the patch
to Debian's exim package.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'