Phil Pennock <[email protected]> wrote:
[...]
> I thought that this was a *new* check as part of the revamp and that
> before there was no minimum bound. I changed so many things I've lost
> track.
>
> In fact, *before* changing we had:
>   #define DH_BITS 1024
>   /* ... */
>   gnutls_dh_set_prime_bits(session, DH_BITS);
> That's the function call which changes the minimum. So this is *not* a
> regression and Exim 4.77 would have been rejecting this too!
[...]

Hello,
it should have afaict from the code, however it did not as can be tested when trying to connect to such a broken host. (See http://bugs.debian.org/676563)

I am posting this information here for completeness sake, IMHO the solution in GIT (keep 1024 limit, but add tls_dh_min_bits SMTP transport option) is perfectly fine. Which is why we have applied the patch to Debian's exim package.

cu andreas
--
`What a good friend you are to him, Dr. Maturin.
His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'
