https://bugs.exim.org/show_bug.cgi?id=1837
--- Comment #5 from Luke Valenta <[email protected]> ---

Yes, my mistake. You are correct that DH_check_pub_key is not called from the Exim code, and you should not have to worry about calling it. I believe that it is called during the SSL_accept function (which is called from Exim).

In light of this, the only changes that should be made to the Exim code are replacing the Diffie-Hellman parameters for DSA groups 22, 23, and 24 with a version that includes the orders of their subgroups. I've attached a git patch with updated DH parameters, as generated by the following OpenSSL commands:

Group 22:
    openssl genpkey -genparam -algorithm DH -outform PEM -pkeyopt dh_rfc5114:1

Group 23:
    openssl genpkey -genparam -algorithm DH -outform PEM -pkeyopt dh_rfc5114:2

Group 24:
    openssl genpkey -genparam -algorithm DH -outform PEM -pkeyopt dh_rfc5114:3
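
Added example, not part of the original comment or of the Exim or OpenSSL code: a sketch of why the stored parameters need the subgroup order q before a peer's public value can be checked for subgroup membership. The function names and the toy parameters (p = 31, q = 5, g = 2) are constructed for illustration and are not the RFC 5114 groups.

```python
# Constructed toy DH group. p - 1 = 30 = 2 * 3 * 5, so p is not a safe
# prime: besides the intended subgroup of order q = 5 generated by g,
# the group also contains elements of other small orders.
P, Q, G = 31, 5, 2


def validate_public_key(y, p, q=None):
    """Return the list of failed checks for peer value y (empty = accepted).

    Without q only the range check 1 < y < p - 1 is possible.
    With q the subgroup-membership check y^q mod p == 1 is added.
    """
    problems = []
    if y <= 1:
        problems.append("too small")
    if y >= p - 1:
        problems.append("too large")
    if q is not None and pow(y, q, p) != 1:
        problems.append("not in subgroup of order q")
    return problems


def accepted_values(p, q=None):
    """All values in [0, p) that pass validation for the given parameters."""
    return [y for y in range(p) if not validate_public_key(y, p, q)]


def honest_public_key(x, p=P, g=G):
    """Public value an honest peer with private exponent x would send."""
    return pow(g, x, p)


if __name__ == "__main__":
    # Parameters stored without q: every value passing the range check is accepted.
    print("accepted without q:", len(accepted_values(P)))
    # Parameters stored with q: only members of the order-q subgroup are accepted.
    print("accepted with q:   ", accepted_values(P, Q))
    # 5 has order 3 mod 31: inside the range, outside the order-q subgroup.
    print("y=5 without q:", validate_public_key(5, P) or "accepted")
    print("y=5 with q:   ", validate_public_key(5, P, Q))
    print("honest key 8: ", validate_public_key(honest_public_key(3), P, Q) or "accepted")
```
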
