[Dovecot] dovecot-openssl.cnf - switch to 2048 bits?
Reindl Harald
h.reindl at thelounge.net
Tue Apr 22 13:54:09 UTC 2014
On 22.04.2014 15:49, A M wrote:
> Just had a query, from security point of view.
>
> Shouldn't dovecot-openssl.conf defaults now be 2048 bits?
>
> i.e. default_bits = 1024
>
> I have read that 1024 bit certificates are now deprecated,
> since Dec 31, 2013
if you really care you have to use 3072 and not 2048
and much more important get rid of SHA1 certs
3072 RSA matches AES128, for ECC 256
________________________________________
here you go:
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
http://www.nsa.gov/business/programs/elliptic_curve.shtml
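
A check for the thresholds named in this message (RSA at least 3072 bits, ECC at least 256 bits, no SHA-1 signature), as an added example that is not part of the original post or of Dovecot. It parses the output of `openssl x509 -noout -text`; the function names and the sample certificate text are constructed for illustration.

```shell
#!/bin/sh
# Thresholds taken from the post: RSA >= 3072 bits, ECC >= 256 bits, no SHA-1.
MIN_RSA_BITS=3072
MIN_EC_BITS=256

# Reads `openssl x509 -noout -text` output on stdin, prints one finding per
# line, and returns non-zero if the certificate misses any threshold.
audit_cert_text() {
    awk -v min_rsa="$MIN_RSA_BITS" -v min_ec="$MIN_EC_BITS" '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ {
            bits = $0
            sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits)
            bits += 0
            if (alg == "rsaEncryption" && bits < min_rsa) { print "WEAK_KEY rsa " bits; bad = 1 }
            if (alg == "id-ecPublicKey" && bits < min_ec) { print "WEAK_KEY ec " bits; bad = 1 }
        }
        # Only the first "Signature Algorithm" line is checked; the second repeats it.
        /Signature Algorithm:/ && !seen_sig {
            seen_sig = 1
            if (tolower($NF) ~ /sha1/) { print "WEAK_DIGEST " $NF; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Same check for a PEM certificate file (hypothetical helper, needs the openssl CLI).
audit_cert_file() {
    openssl x509 -in "$1" -noout -text | audit_cert_text
}

# Constructed sample: the relevant lines of a 1024-bit RSA, SHA-1 signed certificate.
sample_weak_cert_text() {
    cat <<'EOF'
        Signature Algorithm: sha1WithRSAEncryption
        Subject: CN=mail.example.org
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption
EOF
}

# Demonstration on the constructed sample; reports both findings.
sample_weak_cert_text | audit_cert_text || echo "certificate below thresholds"
```

To audit a real certificate, call `audit_cert_file` with the path of the PEM file your Dovecot configuration points at.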