[Dovecot] 1.0 beta1 testing
Jakob Hirsch
jh at plonk.de
Mon Jan 16 11:10:09 EET 2006
Timo Sirainen wrote:
> Note that there's one big change here: DH parameters are now set for SSL
> to get forward secrecy, and Dovecot doesn't really start until it sees
> them for the first time. The first generation may take minutes, or even
> longer if you have an old computer.
Oh. And I thougt ssl was broken when I tested the latest cvs yesterday.
The new message "... may take a while" is better. A "finished" message
would also be nice.
> If this becomes a real problem, I suppose I could include pregenerated
> DH parameters that are used until the generation completes for the first
> time..
I don't really know that this file is good for. Btw, it is created world
readable, I hope that is by intention.
If a pregenerated file is not a security issue, it would be good to
install it, I think. Otherwise it would be better to include such a
parameter file, but not install it by default, so people can decide by
themselves and nobody
gets surprised (and the security people will also be happy).
More information about the dovecot
mailing list