On Sun, Jan 29, 2017 at 07:51:38AM -0700, Kyle Amon wrote:
> Ahem. I still think it would be great if this could get applied
> before yet another release goes by. ;)
I have tested it. The server cypher list changes from
* SSLv23 TLSv1_2 DHE-RSA-AES256-GCM-SHA384
* TLSv1_2 TLSv1_2 DHE-RSA-AES256-GCM-SHA384
* TLSv1_1 TLSv1_1 DHE-RSA-AES256-SHA
* TLSv1 TLSv1 DHE-RSA-AES256-SHA
to
* SSLv23 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384
* TLSv1_2 TLSv1_2 ECDHE-RSA-AES256-GCM-SHA384
* TLSv1_1 TLSv1_1 ECDHE-RSA-AES256-SHA
* TLSv1 TLSv1 ECDHE-RSA-AES256-SHA
We also need a revision bump.
ok?
bluhm
Index: mail/sendmail/Makefile
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/mail/sendmail/Makefile,v
retrieving revision 1.16
diff -u -p -r1.16 Makefile
--- mail/sendmail/Makefile 14 Dec 2016 14:28:54 -0000 1.16
+++ mail/sendmail/Makefile 29 Jan 2017 20:15:45 -0000
@@ -7,7 +7,7 @@ V= 8.15.2
DISTNAME = sendmail.${V}
PKGNAME-main = sendmail-${V}
PKGNAME-libmilter = libmilter-${V}
-REVISION-main = 1
+REVISION-main = 2
FULLPKGNAME-libmilter = libmilter-${V}
FULLPKGPATH-libmilter = mail/sendmail,-libmilter
Index: mail/sendmail/files/site.OS.m4
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/mail/sendmail/files/site.OS.m4,v
retrieving revision 1.2
diff -u -p -r1.2 site.OS.m4
--- mail/sendmail/files/site.OS.m4 16 Sep 2014 19:54:29 -0000 1.2
+++ mail/sendmail/files/site.OS.m4 29 Jan 2017 20:12:48 -0000
@@ -32,6 +32,8 @@ APPENDDEF(`conf_libmilter_ENVDEF', `-DMI
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
dnl (START)TLS
APPENDDEF(`confENVDEF', `-DSTARTTLS')dnl
+APPENDDEF(`confENVDEF', `-D_FFR_TLS_EC')dnl
+APPENDDEF(`confENVDEF', `-D_FFR_TLS_SE_OPTS')dnl
APPENDDEF(`confLIBS', `-lssl -lcrypto')dnl
dnl Flavors
dnl =======
