DKIM: disallow default acceptance of sha1 for verify

[exim.git] / src / src / globals.c

diff --git a/src/src/globals.c b/src/src/globals.c
index 87ff2e65fca05feb2de42f7caed90671b8277555..b874c466909bb108a332ef54797d3513eb362910 100644 (file)
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -831,7 +831,7 @@ void   *dkim_signatures              = NULL;
 uschar *dkim_signers             = NULL;
 uschar *dkim_signing_domain      = NULL;
 uschar *dkim_signing_selector    = NULL;
-uschar *dkim_verify_hashes       = US"sha256:sha512:sha1";
+uschar *dkim_verify_hashes       = US"sha256:sha512";
 uschar *dkim_verify_keytypes     = US"ed25519:rsa";
 BOOL   dkim_verify_minimal      = FALSE;
 uschar *dkim_verify_overall      = NULL;