From bba74fc65f77dc6678b3d33eef0acf43efe8f653 Mon Sep 17 00:00:00 2001
From: Phil Pennock <pdp@exim.org>
Date: Wed, 30 May 2012 20:40:15 -0400
Subject: Revert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512."

This reverts commit 83f4c7515f3eb06dc070e78edd2694c1d088e5fd.

This was not a new check!  The call to gnutls_dh_set_prime_bits() was
made with DH_BITS in Exim 4.77, so the only difference is that now an
administrator can choose at compile time to change the lower bound.

So keeping this at 1024 is not a regression and if we can't talk to them
now, we couldn't before, and we shouldn't lower security by default.
The reverted commit was only acceptable IF it was still better than what
we had in Exim 4.77.
---
 doc/doc-txt/ChangeLog | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'doc/doc-txt/ChangeLog')

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 46e2dcf8a..6c0554b5a 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -165,10 +165,6 @@ PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
 
 PP/39 Disable SSLv2 by default in OpenSSL support.
 
-PP/40 Lower default size of EXIM_CLIENT_DH_MIN_BITS constant (used only by
-      GnuTLS at this time) from 1024 to 512.  Cautious folk can override
-      in Local/Makefile.
-
 
 Exim version 4.77
 -----------------
-- 
cgit v1.2.3