[Dovecot] 2048-bit Diffie-Hellman parameters
Robert Schetterer
rs at sys4.de
Tue Sep 24 11:05:05 EEST 2013
On 24.09.2013 08:48, Marios Titas wrote:
> Currently, dovecot generates two primes for Diffie-Hellman key
> exchanges: a 512-bit one and a 1024-bit one. In light of recent
> events, I think it would be wise to add support for 2048-bit primes as
> well, or even better, add a configuration option that lets the user
> select a file (or files) containing the DH parameters.
>
> In recent years, there has been increased interest in DH especially in
> its ephemeral version (DHE) because it provides perfect forward
> secrecy. In that context, the use of 1024-bit parameters might not
> seem such a terrible idea: if someone cracks the ephemeral key then
> they will only gain access to the data exchanged during that
> particular session. Therefore, it might not be worth the effort to
> crack such a key. But this is certainly not the case for IMAPS: it is
> quite likely that the session data will include the user's
> credentials.
>
You may get problems with older mail clients; on the SMTP side I discovered
that, e.g., Netscape 7 is not able to handle stuff bigger than 1024,
but some more configure options may always be fine.
Best Regards
Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
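
The thread asks for DH parameters to be read from a file so that the prime size is under the administrator's control. As an added example (not part of the original messages and not Dovecot code), the following Python parses a PEM "DH PARAMETERS" file (PKCS#3: SEQUENCE of INTEGER p, INTEGER g) and reports whether the modulus meets a minimum size. The names `audit`, `sample_pem` and the `MIN_BITS` policy are assumptions, and the sample parameters are constructed for the parser only; they are not real DH primes.

```python
import base64
import re

MIN_BITS = 2048  # assumed policy floor: the size proposed in the thread

def _read_tlv(buf, pos):  # returns (tag, value, next_pos) for one DER element
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def dh_params_from_pem(pem):
    """Parse a PKCS#3 'DH PARAMETERS' PEM block into (p, g)."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----",
                  pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    tag_p, p_raw, pos = _read_tlv(seq, 0)
    tag_g, g_raw, _ = _read_tlv(seq, pos)
    if (tag, tag_p, tag_g) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def audit(pem, min_bits=MIN_BITS):
    """Return (modulus_bits, meets_policy). Checks size only, not primality."""
    p, _ = dh_params_from_pem(pem)
    return p.bit_length(), p.bit_length() >= min_bits

def _tlv(tag, body):  # DER encoder, used only to build the constructed samples
    n = len(body)
    k = (n.bit_length() + 7) // 8  # octets needed for a long-form length
    ln = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + ln + body

def sample_pem(bits):
    """Constructed sample: p = 2^(bits-1) + 1 is NOT a real DH prime."""
    p = (1 << (bits - 1)) | 1
    body = _tlv(0x02, p.to_bytes(bits // 8 + 1, "big")) + _tlv(0x02, b"\x02")
    b64 = base64.b64encode(_tlv(0x30, body)).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}\n-----END DH PARAMETERS-----\n"
```

Calling `audit(sample_pem(1024))` returns `(1024, False)`; for a real file, pass its text to `audit` instead of the constructed sample.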