[Dovecot] 2048-bit Diffie-Hellman parameters

Reindl Harald h.reindl at thelounge.net
Tue Sep 24 12:28:08 EEST 2013


On 24.09.2013 11:21, Stan Hoeppner wrote:
> On 9/24/2013 1:48 AM, Marios Titas wrote:
>> Currently, dovecot generates two primes for Diffie-Hellman key
>> exchanges: a 512-bit one and a 1024-bit one. In light of recent
>> events, I think it would be wise to add support for 2048-bit primes as
>> well...
> 
> Why play incremental tiddly-winks with the NSA?  
> Go straight to 1048576 bit encryption.

That is nothing other than a pointless polemic attitude.

> That'll surely keep them out.  Oh, wait, all of your
> email leaves and arrives via public SMTP, which nobody encrypts...

Maybe on your server; my logs show the opposite, and since
the "smtp" ones are outgoing messages, your conclusion of "nobody"
is strange:

cat maillog | grep smtp | grep -v smtpd | grep TLS | wc -l
12327

cat maillog | grep smtpd | grep TLS | wc -l
13350

cat maillog | grep smtp | grep -v smtpd | grep TLSv1.2 | wc -l
2603

cat maillog | grep smtpd | grep TLSv1.2 | wc -l
2219

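The grep pipelines in the message count every log line that mentions TLS. As an added example (not part of the original message), the function below counts only completed handshakes, split by direction and protocol version. It assumes Postfix-style "TLS connection established" lines; `tls_summary`, `sample_maillog` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count completed TLS handshakes per direction and protocol.
# Assumption: Postfix-style "TLS connection established to/from" log lines.

tls_summary() {
    # Reads maillog files given as arguments, or stdin when none are given.
    awk '
    /\/smtpd?\[[0-9]+\]: .*TLS connection established (to|from) / {
        # smtpd is the server side (incoming), smtp the client side (outgoing)
        dir = ($0 ~ /\/smtpd\[/) ? "in" : "out"
        proto = "unknown"
        # The protocol version is the word right before "with cipher"
        for (i = 2; i < NF; i++)
            if ($i == "with" && $(i + 1) == "cipher") { proto = $(i - 1); break }
        count[dir " " proto]++
    }
    END { for (k in count) print k, count[k] }
    ' "$@" | LC_ALL=C sort
}

# Constructed sample lines; hosts and addresses are documentation values.
sample_maillog() {
    cat <<'EOF'
Sep 24 10:00:01 mx postfix/smtp[1201]: setting up TLS connection to mail.example.net[192.0.2.10]:25
Sep 24 10:00:01 mx postfix/smtp[1201]: Untrusted TLS connection established to mail.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 24 10:00:02 mx postfix/smtp[1201]: 3F2A1B0C: to=<user@example.net>, relay=mail.example.net[192.0.2.10]:25, status=sent (250 ok)
Sep 24 10:00:03 mx postfix/smtp[1207]: Trusted TLS connection established to mx.example.com[192.0.2.20]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 24 10:00:04 mx postfix/smtp[1209]: Untrusted TLS connection established to old.example.org[192.0.2.30]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Sep 24 10:00:05 mx postfix/smtpd[1302]: connect from client.example.org[198.51.100.7]
Sep 24 10:00:05 mx postfix/smtpd[1302]: setting up TLS connection from client.example.org[198.51.100.7]
Sep 24 10:00:05 mx postfix/smtpd[1302]: Anonymous TLS connection established from client.example.org[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 24 10:00:06 mx postfix/smtpd[1310]: Anonymous TLS connection established from legacy.example.org[198.51.100.9]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
EOF
}

# Prints one "direction protocol count" line per combination seen.
sample_maillog | tls_summary
```

On a real server, pass the log path as an argument, for example `tls_summary maillog`.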