author | Phil Pennock <pdp@exim.org> | 2012-05-30 20:40:15 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-05-30 20:40:15 -0400 |
commit | bba74fc65f77dc6678b3d33eef0acf43efe8f653 | |
tree | b12a012b6aa387392d01990b8627f0b0859a4bf0 /src | |
parent | 83f4c7515f3eb06dc070e78edd2694c1d088e5fd | |
Revert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512." exim-4_80
This reverts commit 83f4c7515f3eb06dc070e78edd2694c1d088e5fd.
This was not a new check! The call to gnutls_dh_set_prime_bits() was
made with DH_BITS in Exim 4.77, so the only difference is that now an
administrator can choose at compile time to change the lower bound.
So keeping this at 1024 is not a regression and if we can't talk to them
now, we couldn't before, and we shouldn't lower security by default.
The reverted commit was only acceptable IF it was still better than what
we had in Exim 4.77.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/tls-gnu.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index db0e2115f..c8bf634bc 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -152,7 +152,7 @@ callbacks. */ #endif #ifndef EXIM_CLIENT_DH_MIN_BITS -#define EXIM_CLIENT_DH_MIN_BITS 512 +#define EXIM_CLIENT_DH_MIN_BITS 1024 #endif /* With GnuTLS 2.12.x+ we have gnutls_sec_param_to_pk_bits() with which we |
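Review bot: The restored `#define EXIM_CLIENT_DH_MIN_BITS 1024` carries no comment saying why 1024 is the floor, so the reasoning lives only in the commit message and the next person to hit a handshake failure with a small-DH peer may lower it again. A short comment above the `#ifndef EXIM_CLIENT_DH_MIN_BITS` guard would help: say that this value is the lower bound given to gnutls_dh_set_prime_bits(), that 1024 matches what Exim 4.77 already enforced through DH_BITS, and that the guard exists so an administrator can override it at compile time rather than by editing the default. If the build-time override is meant to be supported, it should also be mentioned wherever the other compile-time options are documented, with a note that lowering it weakens the client's Diffie-Hellman security.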