be the name of a file that contains a CRL in PEM format.
+.new
+.option tls_dh_min_bits smtp integer 1024
+.cindex "TLS" "Diffie-Hellman minimum acceptable size"
+When establishing a TLS session, if a ciphersuite which uses Diffie-Hellman
+key agreement is negotiated, the server will provide a large prime number
+for use. This option establishes the minimum acceptable size of that number.
+If the parameter offered by the server is too small, then the TLS handshake
+will fail.
+
+Only supported when using GnuTLS.
+.wen
+
+
.option tls_privatekey smtp string&!! unset
.cindex "TLS" "client private key, location of"
.vindex "&$host$&"
The &%tls_require_ciphers%& options operate differently, as described in the
sections &<<SECTreqciphssl>>& and &<<SECTreqciphgnu>>&.
.next
+.new
+The &%tls_dh_min_bits%& SMTP transport option is only honoured by GnuTLS.
+When using OpenSSL, this option is ignored.
+(If an API is found to let OpenSSL be configured in this way,
+let the Exim Maintainers know and we'll likely use it).
+.wen
+.next
Some other recently added features may only be available in one or the other.
This should be documented with the feature. If the documentation does not
explicitly state that the feature is infeasible in the other TLS
PP/02 Make -n do something, by making it not do something.
When combined with -bP, the name of an option is not output.
+PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
+ by GnuTLS.
+
Exim version 4.80
-----------------
For instance, "exim -n -bP pid_file_path" should just emit a pathname
followed by a newline, and no other text.
+ 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now
+ has a "tls_dh_min_bits" option, to set the minimum acceptable number of
+ bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites)
+ acceptable for security. (Option accepted but ignored if using OpenSSL).
+ Defaults to 1024, the old value. May be lowered only to 512, or raised as
+ far as you like. Raising this may hinder TLS interoperability with other
+ sites and is not currently recommended. Lowering this will permit you to
+ establish a TLS session which is not as secure as you might like.
+
+ Unless you really know what you are doing, leave it alone.
+
Version 4.80
------------
tls_certificate string* unset main 3.20
unset smtp 3.20
tls_dh_max_bits integer 2236 main 4.80
+tls_dh_min_bits integer 1024 smtp 4.81
tls_dhparam string* unset main 3.20
tls_on_connect_ports string unset main 4.43
tls_privatekey string* unset main 3.20
-bh Test incoming SMTP call, omitting callouts
-bhc Test incoming SMTP call, with callouts
-bi * Run <command>bi_command</command>
+-bI:help Show list of accepted -bI:<tag> options
-bm Accept message on standard input
-bmalware + Invoke configured malware scanning against supplied filename
-bnq Don't qualify addresses in locally submitted messages
}
/* how many bits Exim, as a client, demands must be in D-H */
- /* as of GnuTLS 2.12.x, we ask for "normal" for D-H PK; before that, we
- specify the number of bits. We've stuck with the historical value, but
- it can be overridden. */
- else if ((strcmp(name, "EXIM_CLIENT_DH_MIN_BITS") == 0) ||
+ /* 1024 is a historical figure; some sites actually use lower, so we
+ permit the value to be lowered "dangerously" low, but not "insanely"
+ low. Though actually, 1024 is becoming "dangerous". */
+ else if ((strcmp(name, "EXIM_CLIENT_DH_MIN_MIN_BITS") == 0) ||
+ (strcmp(name, "EXIM_CLIENT_DH_DEFAULT_MIN_BITS") == 0) ||
(strcmp(name, "EXIM_SERVER_DH_BITS_PRE2_12") == 0))
{
long nv;
char *end;
nv = strtol(value, &end, 10);
- if (end != value && *end == '\0' && nv >= 1000 && nv < 50000)
+ if (end != value && *end == '\0' && nv >= 512 && nv < 500000)
{
fprintf(new, "%s\n", value);
}
#define EXIMDB_LOCK_TIMEOUT 60
#define EXIMDB_LOCKFILE_MODE 0640
#define EXIMDB_MODE 0640
-#define EXIM_CLIENT_DH_MIN_BITS
+#define EXIM_CLIENT_DH_MIN_MIN_BITS 512
+#define EXIM_CLIENT_DH_DEFAULT_MIN_BITS 1024
#define EXIM_GNUTLS_LIBRARY_LOG_LEVEL
#define EXIM_SERVER_DH_BITS_PRE2_12
#define EXIM_PERL
std_dh_prime_named(const uschar *);
extern int tls_client_start(int, host_item *, address_item *, uschar *,
uschar *, uschar *, uschar *, uschar *, uschar *, uschar *,
- int);
+ int, int);
extern void tls_close(BOOL);
extern int tls_feof(void);
extern int tls_ferror(void);
verify_certs file for certificate verify
verify_crl CRL for verify
require_ciphers list of allowed ciphers or NULL
+ dh_min_bits minimum number of bits acceptable in server's DH prime
timeout startup timeout
Returns: OK/DEFER/FAIL (because using common functions),
address_item *addr ARG_UNUSED, uschar *dhparam ARG_UNUSED,
uschar *certificate, uschar *privatekey, uschar *sni,
uschar *verify_certs, uschar *verify_crl,
- uschar *require_ciphers, int timeout)
+ uschar *require_ciphers, int dh_min_bits, int timeout)
{
int rc;
const char *error;
sni, verify_certs, verify_crl, require_ciphers, &state);
if (rc != OK) return rc;
-gnutls_dh_set_prime_bits(state->session, EXIM_CLIENT_DH_MIN_BITS);
+if (dh_min_bits < EXIM_CLIENT_DH_MIN_MIN_BITS)
+ {
+ DEBUG(D_tls)
+ debug_printf("WARNING: tls_dh_min_bits far too low, clamping %d up to %d\n",
+ dh_min_bits, EXIM_CLIENT_DH_MIN_MIN_BITS);
+ dh_min_bits = EXIM_CLIENT_DH_MIN_MIN_BITS;
+ }
+
+DEBUG(D_tls) debug_printf("Setting D-H prime minimum acceptable bits to %d\n",
+ dh_min_bits);
+gnutls_dh_set_prime_bits(state->session, dh_min_bits);
if (verify_certs == NULL)
{
verify_certs file for certificate verify
crl file containing CRL
require_ciphers list of allowed ciphers
+ dh_min_bits minimum number of bits acceptable in server's DH prime
+ (unused in OpenSSL)
timeout startup timeout
Returns: OK on success
tls_client_start(int fd, host_item *host, address_item *addr, uschar *dhparam,
uschar *certificate, uschar *privatekey, uschar *sni,
uschar *verify_certs, uschar *crl,
- uschar *require_ciphers, int timeout)
+ uschar *require_ciphers, int dh_min_bits ARG_UNUSED, int timeout)
{
static uschar txt[256];
uschar *expciphers;
(void *)offsetof(smtp_transport_options_block, tls_certificate) },
{ "tls_crl", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_crl) },
+ { "tls_dh_min_bits", opt_int,
+ (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
{ "tls_privatekey", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_privatekey) },
{ "tls_require_ciphers", opt_stringptr,
NULL, /* gnutls_require_kx */
NULL, /* gnutls_require_mac */
NULL, /* gnutls_require_proto */
+ NULL, /* tls_sni */
NULL, /* tls_verify_certificates */
- TRUE, /* tls_tempfail_tryclear */
- NULL /* tls_sni */
+ EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
+ /* tls_dh_min_bits */
+ TRUE /* tls_tempfail_tryclear */
#endif
#ifndef DISABLE_DKIM
,NULL, /* dkim_canon */
ob->tls_verify_certificates,
ob->tls_crl,
ob->tls_require_ciphers,
+ ob->tls_dh_min_bits,
ob->command_timeout);
/* TLS negotiation failed; give an error. From outside, this function may
uschar *gnutls_require_kx;
uschar *gnutls_require_mac;
uschar *gnutls_require_proto;
+ uschar *tls_sni;
uschar *tls_verify_certificates;
+ int tls_dh_min_bits;
BOOL tls_tempfail_tryclear;
- uschar *tls_sni;
#endif
#ifndef DISABLE_DKIM
uschar *dkim_domain;
git://git.exim.org / exim.git / commitdiff