From: Phil Pennock Date: Thu, 31 May 2012 00:40:15 +0000 (-0400) Subject: Revert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512." X-Git-Tag: exim-4_80^0 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/bba74fc65f77dc6678b3d33eef0acf43efe8f653 Revert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512." This reverts commit 83f4c7515f3eb06dc070e78edd2694c1d088e5fd. This was not a new check! The call to gnutls_dh_set_prime_bits() was made with DH_BITS in Exim 4.77, so the only difference is that now an administrator can choose at compile time to change the lower bound. So keeping this at 1024 is not a regression and if we can't talk to them now, we couldn't before, and we shouldn't lower security by default. The reverted commit was only acceptable IF it was still better than what we had in Exim 4.77. --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 46e2dcf8a..6c0554b5a 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -165,10 +165,6 @@ PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built PP/39 Disable SSLv2 by default in OpenSSL support. -PP/40 Lower default size of EXIM_CLIENT_DH_MIN_BITS constant (used only by - GnuTLS at this time) from 1024 to 512. Cautious folk can override - in Local/Makefile. - Exim version 4.77 ----------------- diff --git a/doc/doc-txt/GnuTLS-FAQ.txt b/doc/doc-txt/GnuTLS-FAQ.txt index be46753e4..8d5887bac 100644 --- a/doc/doc-txt/GnuTLS-FAQ.txt +++ b/doc/doc-txt/GnuTLS-FAQ.txt @@ -248,7 +248,7 @@ left with no way to actually know the size of the freshly generated DH prime. Thus we check if the the value returned is at least 10 more than the minimum we'll accept as a client (EXIM_CLIENT_DH_MIN_BITS, see below, defaults to -512) and if it is, we subtract 10. Then we reluctantly deploy a strategy +1024) and if it is, we subtract 10. Then we reluctantly deploy a strategy called "hope". This is not guaranteed to be successful; in the first code pass on this logic, we subtracted 3, asked for 2233 bits and got 2240 in the first test. @@ -275,11 +275,7 @@ prime from section 2.2 of RFC 5114. A TLS client does not get to choose the DH prime used, but can choose a minimum acceptable value. For Exim, this is a compile-time constant called -"EXIM_CLIENT_DH_MIN_BITS" of 512, which can be overruled in "Local/Makefile". -(It should be higher, but some real-world sites are using dangerously small -values. Although some might argue that our old size of 1024 was dangerously -low; "opinions vary". This is expected to be a configure file option for -the Exim 4.81 release.) +"EXIM_CLIENT_DH_MIN_BITS" of 1024, which can be overruled in "Local/Makefile". diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index db0e2115f..c8bf634bc 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -152,7 +152,7 @@ callbacks. */ #endif #ifndef EXIM_CLIENT_DH_MIN_BITS -#define EXIM_CLIENT_DH_MIN_BITS 512 +#define EXIM_CLIENT_DH_MIN_BITS 1024 #endif /* With GnuTLS 2.12.x+ we have gnutls_sec_param_to_pk_bits() with which we