On 24.09.2013 08:48, Marios Titas wrote:
Currently, Dovecot generates two primes for Diffie-Hellman key exchanges: a 512-bit one and a 1024-bit one. In light of recent events, I think it would be wise to add support for 2048-bit primes as well, or even better, add a configuration option that lets the user select a file (or files) containing the DH parameters.
In recent years, there has been increased interest in DH, especially in its ephemeral version (DHE), because it provides perfect forward secrecy. In that context, the use of 1024-bit parameters might not seem such a terrible idea: if someone cracks the ephemeral key, then they will only gain access to the data exchanged during that particular session. Therefore, it might not be worth the effort to crack such a key. But this is certainly not the case for IMAPS: it is quite likely that the session data will include the user's credentials.
You may get problems with older mail clients; on the SMTP side I discovered, i.e., that Netscape 7 is not able to handle stuff bigger than 1024, but some more configure options may be fine ever.
Best Regards
Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein