From 66c014bb0d4972b7d5915795dec376535089740c Mon Sep 17 00:00:00 2001
From: Phil Pennock <pdp@exim.org>
Date: Fri, 18 Sep 2020 10:25:42 -0400
Subject: Re-ran the conversion of all DH parameters

I get different results now to those I got before.

Now, using gen_pkcs3 linked against OpenSSL 1.1.1f-1ubuntu2 on Focal Fossa, I
get the results below.  The ffdhe2048 value now matches that at
<https://ssl-config.mozilla.org/ffdhe2048.txt>.

I ran the same code yesterday for just the ffdhe2048 item and got code which
seemed to me then to match what was already in the C file.  Something hinky is
going on, perhaps with my sanity.

(the commit IDs changee because of heavy rebasing (heiko))

(cherry picked from commit 76ed8115182e2daaadb437ec9655df8000796ec5)
(cherry picked from commit 0aafa26a5d3d528e79476c91537c28936154fe04)
---
 doc/doc-txt/ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'doc')

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index d741e3532..58ba70f02 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -258,6 +258,11 @@ HS/02 Handle SIGINT as we handle SIGTERM: terminate the Exim process.
 
 PP/01 Add a too-many-bad-recipients guard to the default config's RCPT ACL.
 
+PP/02 Bug 2643: Correct TLS DH constants.
+      A missing NUL termination in our code-generation tool had led to some
+      incorrect Diffie-Hellman constants in the Exim source.
+      Reported by kylon94, code-gen tool fix by Simon Arlott.
+
 
 Exim version 4.94
 -----------------
-- 
cgit v1.2.3