3 files changed, 7 insertions, 4 deletions

diff --git a/UPDATING b/UPDATING
index ade4d5303760..1c0be982aef8 100644
--- a/UPDATING
+++ b/UPDATING
@@ -11,6 +11,9 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20150618:	p17	FreeBSD-EN-15:08.sendmail
+	Improvements to sendmail TLS/DH interoperability. [EN-15:08]
+
 20150612:	p16	FreeBSD-SA-15:10.openssl
 	Fix multiple vulnerabilities in OpenSSL.  [SA-15:10]
 
diff --git a/contrib/sendmail/src/tls.c b/contrib/sendmail/src/tls.c
index 75207ee4a1f0..ca93ee8b730f 100644
--- a/contrib/sendmail/src/tls.c
+++ b/contrib/sendmail/src/tls.c
@@ -650,7 +650,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
 	**  1024	generate 1024 bit parameters
 	**  2048	generate 2048 bit parameters
 	**  /file/name	read parameters from /file/name
-	**  default is: 1024 for server, 512 for client (OK? XXX)
+	**  default is: 1024
 	*/
 
 	if (bitset(TLS_I_TRY_DH, req))
@@ -676,8 +676,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
 		}
 		if (dhparam == NULL)
 		{
-			dhparam = srv ? "1" : "5";
-			req |= (srv ? TLS_I_DH1024 : TLS_I_DH512);
+			dhparam = "1";
+			req |= TLS_I_DH1024;
 		}
 		else if (*dhparam == '/')
 		{
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 7561a45f6298..4c4debea728a 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.3"
-BRANCH="RELEASE-p16"
+BRANCH="RELEASE-p17"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi