DHParameters | Parameters for DSA/DH cipher suite | V8.11 and later |

Item | Meaning |
---|---|
none | No parameters, so don't use DH |
512 | Generate 512-bit fixed parameters |
1024 | Generate 1024-bit fixed parameters |
/path/file | Read the parameters from a file |

If you list the /path/file item, the file referenced must live in a safe path, one that is writable only by root.
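A check along the lines of the safe-path requirement above, as an added example (not sendmail's own code and not part of the original text): it walks from the file up to `/` and reports every component that is not owned by a trusted uid or that is group- or world-writable. The function name, the placeholder path and the exact rule applied are assumptions; sendmail's own safe-file test remains the authority.

```python
import os
import stat
import sys


def unsafe_components(path, trusted_uids=(0,)):
    """Return (component, reason) pairs for every part of `path` that someone
    other than a trusted owner could modify. An empty list means the path
    passed this check."""
    problems = []
    # Symbolic links are resolved first, so the check judges the real location.
    current = os.path.realpath(path)
    while True:
        try:
            st = os.stat(current)
        except OSError as exc:
            problems.append((current, f"cannot stat: {exc.strerror}"))
        else:
            if st.st_uid not in trusted_uids:
                problems.append((current, f"owned by uid {st.st_uid}"))
            if st.st_mode & stat.S_IWGRP:
                problems.append((current, "group-writable"))
            if st.st_mode & stat.S_IWOTH:
                problems.append((current, "world-writable"))
        parent = os.path.dirname(current)
        if parent == current:  # reached "/", nothing left to check
            break
        current = parent
    return problems


if __name__ == "__main__":
    # Placeholder path (assumption); pass the file named in DHParameters.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/mail/certs/dh.param"
    found = unsafe_components(target)
    for component, reason in found:
        print(f"UNSAFE {component}: {reason}")
    sys.exit(1 if found else 0)
```
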
If you use an item that is not in the table, one of the following errors will print and be logged, depending on whether sendmail is in the role of a client or server:
```
STARTTLS=client, error: illegal value 'bad item' for DHParam
STARTTLS=server, error: illegal value 'bad item' for DHParam
```
This option should be defined only if a cipher suite containing DSA/DH is used. Otherwise, you should leave it undefined.
The DHParameters option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.