3 files changed, 7 insertions, 4 deletions

diff --git a/UPDATING b/UPDATING
index c36529dfcfac..8cfcc1a671ee 100644
--- a/UPDATING
+++ b/UPDATING
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW ON IA64 OR SUN4V:
 	debugging tools present in HEAD were left in place because
 	sun4v support still needs work to become production ready.
 
+20150618:	p31	FreeBSD-EN-15:08.sendmail
+	Improvements to sendmail TLS/DH interoperability. [EN-15:08]
+
 20150612:	p30	FreeBSD-SA-15:10.openssl
 	Fix multiple vulnerabilities in OpenSSL.  [SA-15:10]
 
diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c
index 60d408e5e796..8bc88391d036 100644
--- a/contrib/sendmail/src/tls.c
+++ b/contrib/sendmail/src/tls.c
@@ -648,7 +648,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
 	**  512		generate 512 bit parameters (fixed)
 	**  1024	generate 1024 bit parameters
 	**  /file/name	read parameters from /file/name
-	**  default is: 1024 for server, 512 for client (OK? XXX)
+	**  default is: 1024
 	*/
 
 	if (bitset(TLS_I_TRY_DH, req))
@@ -672,8 +672,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
 		}
 		if (dhparam == NULL)
 		{
-			dhparam = srv ? "1" : "5";
-			req |= (srv ? TLS_I_DH1024 : TLS_I_DH512);
+			dhparam = "1";
+			req |= TLS_I_DH1024;
 		}
 		else if (*dhparam == '/')
 		{
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index ca9eb2f6483d..cd1e1450a9db 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="8.4"
-BRANCH="RELEASE-p30"
+BRANCH="RELEASE-p31"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi