66_enlarge-dh-parameters-size.dpatch causing some problems

Kevin J. McCarthy kevin at 8t8.us
Thu May 24 02:31:06 UTC 2012


I was going to file a bug, but wanted to send an email first to get some
background and reactions.  Recently, exim4 stopped being able to relay
mail to FastMail (as a smarthost).  I think FastMail decreased their
Diffie–Hellman prime key to 1024 bits because some iOS users were having
problems.  But then exim4 on Debian started having problems.

I tracked this down to 66_enlarge-dh-parameters-size.dpatch, which
changes the default minimum prime key size in exim4 to 2048.  I realize
it's in the interest of end-users to have their secure connections
actually be secure, but am wondering if this will start to affect other
people too.

I couldn't find an entry in the changelog about this patch.  Do any of
you remember the motivation for this patch?  Would it even be considered
to remove this patch from squeeze and wheezy?

In the meantime I have rebuilt my packages and provided instructions on
FastMail's forums on how to do this, but it would be nice to not have to
rebuild exim4 from now on.


More information about the Pkg-exim4-maintainers mailing list