SCIENTIFIC-LINUX-USERS Archives

July 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Sendmail DH parameters fix: was: Re: SL5 problem with sendmail an openssl
From:
R P Herrold <[log in to unmask]>
Reply To:
R P Herrold <[log in to unmask]>
Date:
Wed, 15 Jul 2015 14:11:58 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (25 lines) 
On Fri, 10 Jul 2015, R P Herrold wrote:

We reached the following addition of a DH parameters file 
solution, which also solved the authentication issue for 
certain Apple email clients on IOS 8.4 (an update within the 
last month)

sendmail.mc fragment

define(`CERT_DIR',        `/etc/pki/tls')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
dnl https://www.sendmail.com/sm/open_source/docs/m4/tweaking_config.html  dnl
dnl http://weldon.whipple.org/sendmail/wwstarttls.html#DHParams dnl
dnl http://lists.freebsd.org/pipermail/freebsd-questions/2015-June/266456.htm
dnl >          3. If a setting for confDH_PARAMETERS exists and is set to dnl
dnl >             a file path, create a new file with:  dnl
dnl >                  openssl dhparam -out /path/to/file 2048 dnl
dnl >             for 2048-bit  dnl
dnl *** USED *** dnl
dnl     so: openssl dhparam -out /etc/pki/tls/certs/DH-options.pem 2048    dnl
dnl dnl
define(`confDH_PARAMETERS',  `CERT_DIR/certs/DH-options.pem')dnl

-- Russ herrold

ATOM RSS1 RSS2