On Mon, Jan 16, 2006 at 10:10:09AM +0100, Jakob Hirsch wrote:
If this becomes a real problem, I suppose I could include pregenerated DH parameters that are used until the generation completes for the first time.. ... If a pregenerated file is not a security issue, it would be good to install it, I think. Otherwise it would be better to include such a
Timo Sirainen wrote: parameter file, but not install it by default, so people can decide by themselves and nobody gets surprised (and the security people will also be happy).
I think the best way (the usual way?) is to generate the files through the install script. That way you get unique files and you don't get surprised by the length of the task. Generalize to default self-signed certificates, etc.