Created attachment 216907
Patch against /base/head/etc/sendmail/freebsd.mc
freebsd.mc sets confDH_PARAMETERS to a file parameter, dh.param. This file is not created by /etc/rc.d/sendmail, which just provides RSA keys and certificates to enable a working, minimal sendmail TLS setup. Running the default configuration, sendmail complains about a nonexistent file.
I'm unsure whether confDH_PARAMETERS should be set at all since DSA keys are not used: maybe telling sendmail to generate 1024-bit length parameters is enough.
Over to the sendmail maintainer.
Thank you for the report.
I'm tempted to remove the DH_PARAMETERS line from freebsd.mc completely and return to using the built-in default (added in sendmail 8.15.2 after this line was added to freebsd.mc). However, I want to get John-Mark's input since he added the change in rev 256773:
@jmg: How would you like to proceed?
Thank you for looking into this!
Bumping this one. The behavior without confDH_PARAMETERS set in FREEBSD-12.2 is to use sendmail's internal default:
STARTTLS=server, Diffie-Hellman init, key=2048 bit (I)
I agree that removing it is the best path forward.
Hitting up @jmg one last time. If we don't hear back by Feb 15th, I'll proceed.