https://bugs.exim.org/show_bug.cgi?id=1837
--- Comment #5 from Luke Valenta <luke.valenta@???> ---
Yes, my mistake. You are correct that DH_check_pub_key is not called from the
Exim code, and you should not have to worry about calling it. I believe that it
is called during the SSL_accept function (which is called from Exim).
In light of this, the only changes that should be made to the Exim code are
replacing the Diffie-Hellman parameters for DSA groups 22, 23, and 24 with a
version that includes the orders of their subgroups. I've attached a git patch
with updated DH parameters, as generated by the following OpenSSL commands:
Group 22:
openssl genpkey -genparam -algorithm DH -outform PEM -pkeyopt dh_rfc5114:1
Group 23:
openssl genpkey -genparam -algorithm DH -outform PEM -pkeyopt dh_rfc5114:2
Group 24:
openssl genpkey -genparam -algorithm DH -outform PEM -pkeyopt dh_rfc5114:3
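
Added example (not part of the original comment, and not Exim or OpenSSL code): a minimal C sketch of why the parameters need to carry the subgroup order q. The group p = 43, g = 4, q = 7 is a constructed toy group, not an RFC 5114 group, and check_pub_key is a hypothetical helper that mirrors the range and order checks a library can apply to a peer's public value only when q is known.

```c
#include <stdint.h>
#include <stdio.h>

/* q == 0 means the parameters were supplied without a subgroup order. */
struct dh_params { uint64_t p, g, q; };

enum pub_check { PUB_OK = 0, PUB_TOO_SMALL, PUB_TOO_LARGE, PUB_WRONG_SUBGROUP };

/* Constructed toy group: p - 1 = 2 * 3 * 7, and g = 4 has prime order 7. */
static const struct dh_params TOY_NO_Q   = { 43, 4, 0 };
static const struct dh_params TOY_WITH_Q = { 43, 4, 7 };

/* Square-and-multiply; only safe for moduli below 2^32 (toy sizes). */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1;
    base %= mod;
    while (exp) {
        if (exp & 1) r = (r * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return r;
}

/* Validate a peer public value y against the parameters. */
enum pub_check check_pub_key(const struct dh_params *dh, uint64_t y)
{
    if (y <= 1) return PUB_TOO_SMALL;          /* rejects 0 and 1 */
    if (y >= dh->p - 1) return PUB_TOO_LARGE;  /* rejects p-1 (order 2) and above */
    /* The order test is only possible when q is present in the parameters. */
    if (dh->q != 0 && modpow(y, dh->q, dh->p) != 1) return PUB_WRONG_SUBGROUP;
    return PUB_OK;
}

int main(void)
{
    /* y = 6 has order 3 mod 43: inside the valid range, outside the q-order subgroup. */
    printf("y=6 without q: %d\n", check_pub_key(&TOY_NO_Q, 6));
    printf("y=6 with q:    %d\n", check_pub_key(&TOY_WITH_Q, 6));
    printf("y=16 with q:   %d\n", check_pub_key(&TOY_WITH_Q, 16));
    return 0;
}
```

Without q, the small-order value 6 passes the range test alone; with q present it is rejected, while the legitimate value 16 (4 squared) is still accepted.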