diff options
author | Andreas Metzler <ametzler@debian.org> | 2012-06-08 10:30:00 +0000 |
---|---|---|
committer | Andreas Metzler <ametzler@debian.org> | 2012-06-08 10:30:00 +0000 |
commit | 60401c53f515d54f84440a52dbe4bfb85bcdc8bc (patch) | |
tree | 4233db8a8e6338f523558fe4d6671f5fa099c543 | |
parent | 42e279f0678d3b2891cbec22ae115de43f27b364 (diff) | |
download | exim4-60401c53f515d54f84440a52dbe4bfb85bcdc8bc.tar.gz |
Add macro TLS_DH_MIN_BITS for setting the tls_dh_min_bits smtp transport
option. Closes: #676563
svn path=/exim/trunk/; revision=2742
-rw-r--r-- | debian/README.Debian.xml | 9 | ||||
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/debconf/conf.d/transport/30_exim4-config_remote_smtp | 3 | ||||
-rw-r--r-- | debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost | 3 |
4 files changed, 17 insertions, 0 deletions
diff --git a/debian/README.Debian.xml b/debian/README.Debian.xml index e2b34ce..d4998a6 100644 --- a/debian/README.Debian.xml +++ b/debian/README.Debian.xml @@ -1178,6 +1178,15 @@ operation is requested. Please check that your <filename>/dev/random</filename> device is setup properly. </para> + <para> + You might also find "TLS error on connection to [...] + (gnutls_handshake): The Diffie-Hellman prime sent by the server is + not acceptable (not long enough)." given as reason. Exim by default + requires a DH prime length of 1024 bits. This requirement can be + downgraded by setting the tls_dh_min_bits option on the SMTP + transport. The setting is accessible in the Debian configuration by + setting the macro TLS_DH_MIN_BITS. (e.g. "TLS_DH_MIN_BITS = 768"). + </para> </section> </section> <section id="smtp-auth"> <title>SMTP-AUTH</title> diff --git a/debian/changelog b/debian/changelog index 4e6b700..0e7d7da 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,8 @@ exim4 (4.80-3) UNRELEASED; urgency=low forced expansion failure is configured. * Pull 76_tls_dh_min_bits.diff from upstream. Adds a new SMTP transport option tls_dh_min_bits for setting the minimal size of DH parameters. + * Add macro TLS_DH_MIN_BITS for setting the tls_dh_min_bits smtp transport + option. Closes: #676563 -- Andreas Metzler <ametzler@debian.org> Sun, 03 Jun 2012 17:29:00 +0200 diff --git a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp index 370ba01..1b2ceae 100644 --- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp +++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp @@ -36,3 +36,6 @@ dkim_strict = DKIM_STRICT .ifdef DKIM_SIGN_HEADERS dkim_sign_headers = DKIM_SIGN_HEADERS .endif +.ifdef TLS_DH_MIN_BITS +tls_dh_min_bits = TLS_DH_MIN_BITS +.endif diff --git a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost index 36ad7c4..31015a4 100644 --- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost +++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost @@ -27,3 +27,6 @@ remote_smtp_smarthost: .ifdef REMOTE_SMTP_HELO_DATA helo_data=REMOTE_SMTP_HELO_DATA .endif +.ifdef TLS_DH_MIN_BITS +tls_dh_min_bits = TLS_DH_MIN_BITS +.endif |