base.m4: Be slacker about DH lengths.

[exim-config] / base.m4

diff --git a/base.m4 b/base.m4
index 25328e72627ea7284e9db82403a7769b5e8a276f..e78194a5645a484e2601c0a1a042a7340d76f38c 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -418,7 +418,7 @@ smtp:
        driver = smtp
        APPLY_HEADER_CHANGES
        tls_require_ciphers = CONF_acceptable_ciphers
-       tls_dh_min_bits = 1020
+       tls_dh_min_bits = 508
        tls_tempfail_tryclear = true
 
 m4_define(<:SMTP_TRANS_DHBITS:>,
@@ -441,10 +441,14 @@ m4_define(<:SMTP_TRANS_DHBITS:>,
                      {CONF_acceptable_ciphers})
        tls_dh_min_bits = $1
        tls_tempfail_tryclear = true:>)m4_dnl
+smtp_dhbits_512:
+       SMTP_TRANS_DHBITS(508)
+smtp_dhbits_768:
+       SMTP_TRANS_DHBITS(764)
 smtp_dhbits_1024:
        SMTP_TRANS_DHBITS(1020)
 smtp_dhbits_2048:
-       SMTP_TRANS_DHBITS(2046)
+       SMTP_TRANS_DHBITS(2044)
 
 ## Transport to a local SMTP server; use TLS and perform client
 ## authentication.