On 2012-05-30 at 23:44 +0000, W B Hacker wrote:
> Sorry - I see that cure as worse than the disease.
>
> Potentially FAR worse.
>
> Who is expecting to even need to look at it as part of an upgrade when
> the default had not been broken?

You're quite right.

I thought that this was a *new* check as part of the revamp and that
before there was no minimum bound.  I changed so many things I've lost
track.

In fact, *before* changing we had:

    #define DH_BITS 1024
    /* ... */
    gnutls_dh_set_prime_bits(session, DH_BITS);

That's the function call which changes the minimum.

So this is *not* a regression and Exim 4.77 would have been rejecting
this too!

Excellent news.  I'll revert the change.

Wolfgang, if you want to talk TLS to those folks, you're still able to
do so.  The EXIM_CLIENT_DH_MIN_BITS compile-time constant is exposed to
Local/Makefile, and has been since I added it.  It wasn't documented, as
it's rather esoteric.

I'll still make it a configure option for 4.81, so I won't document
EXIM_CLIENT_DH_MIN_BITS in spec.txt now, since it's likely to go away
again.  Or be repurposed to be the lower bound with a default of 512
while the actual run-time option defaults to 1024.

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
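
Added example, not part of the message above and not Exim or GnuTLS code: a C model of the arrangement floated at the end of the mail, with a compile-time floor (EXIM_CLIENT_DH_MIN_BITS, 512) under a run-time minimum that defaults to 1024, applied to the bit length of the DH prime a server offers. The function names, the "0 means unset" convention and the sample bytes are assumptions; nothing here calls GnuTLS.

```c
#include <stddef.h>
#include <stdio.h>

/* Compile-time floor, overridable with -D as Local/Makefile would do.
   512 is the possible default mentioned in the mail. */
#ifndef EXIM_CLIENT_DH_MIN_BITS
#define EXIM_CLIENT_DH_MIN_BITS 512
#endif

/* Assumed default for the planned run-time option (1024 per the mail). */
#define DH_MIN_BITS_DEFAULT 1024

/* Bit length of a big-endian unsigned integer. Leading zero bytes and
   leading zero bits do not count, so a padded prime is not over-rated. */
static unsigned prime_bits(const unsigned char *p, size_t len)
{
    size_t i = 0;
    while (i < len && p[i] == 0) i++;
    if (i == len) return 0;                 /* all zero: no usable prime */
    unsigned bits = (unsigned)(len - i) * 8;
    for (unsigned char top = p[i]; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Effective minimum: the configured value (0 = unset, an assumption),
   never allowed to drop below the compile-time floor. */
static unsigned effective_min_bits(unsigned configured)
{
    unsigned want = configured ? configured : DH_MIN_BITS_DEFAULT;
    return want < EXIM_CLIENT_DH_MIN_BITS ? EXIM_CLIENT_DH_MIN_BITS : want;
}

/* 1 = continue the handshake, 0 = reject the server's DH parameters. */
static int dh_prime_acceptable(const unsigned char *p, size_t len,
                               unsigned configured)
{
    return prime_bits(p, len) >= effective_min_bits(configured);
}

int main(void)
{
    /* Constructed sample: a 768-bit value behind one zero pad byte.
       It only exercises the length check and is not a real prime. */
    unsigned char p[97] = {0};
    p[1] = 0x80; p[96] = 0x01;
    printf("bits=%u default=%d min768=%d min256=%d\n", prime_bits(p, 97),
           dh_prime_acceptable(p, 97, 0), dh_prime_acceptable(p, 97, 768),
           dh_prime_acceptable(p, 97, 256));
    return 0;
}
```

With the default minimum the 768-bit sample is rejected; lowering the run-time value to 768 accepts it, and asking for 256 is clamped up to the 512 floor.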
