On 22 June 2018 at 10:18 tai74@vfemail.net wrote:
hi sorry if question was asked already. Was reading https://wiki2.dovecot.org/Upgrading/2.3
first I'm confused on diffie hellman parameters file. I never set up
ssl-parameters.dat before (should i have? do I have one that was
automatically made for me by dovecot?) Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
ssl-parameters.dat but how to make a new one?
2.2 makes the ssl-parameters.dat automatically. You can choose to either use that with the instructions given, or you can make a fresh one using openssl gendh 4096 > dh.pem
Note that this will require quite a lot of entropy, so you should probably ensure that you run it on a laptop or with a virtual machine that has some entropy source/helper.
other question is if I copy ssl_min_protocol from example config into
my existing config is that enough? do experts on this list recommend
any tweaks that increase client requirements more than dovecot
developers are comfortable with but will ensure more secure protocol
usage?
ssl_min_protocol defines the minimum TLS protocol the server supports. We recommend TLSv1, but if you want, you can experiment with TLSv1.2, which will decrease client compatibility a bit.
Aki
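
An added example, not part of the original message or of Dovecot itself: a small checker that reads a flat Dovecot config and reports on the two 2.3 settings this thread discusses, `ssl_dh` and `ssl_min_protocol`, plus 2.2-era SSL settings left behind. The function names, the `/etc/dovecot/dh.pem` path and both sample configs are constructed for illustration; it assumes plain `name = value` lines and does not follow `!include` or nested blocks.

```python
import re

# Protocol names this example knows for ssl_min_protocol, weakest first.
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
# 2.2-era settings that 2.3 replaces with ssl_min_protocol and ssl_dh.
LEGACY_SETTINGS = {"ssl_protocols", "ssl_dh_parameters_length"}

def parse_settings(conf_text):
    """Return {name: value} for plain `name = value` lines, ignoring comments."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_ssl_settings(conf_text, floor="TLSv1"):
    """Return findings; `floor` is the lowest protocol the site accepts."""
    s = parse_settings(conf_text)
    findings = []
    for name in sorted(s.keys() & LEGACY_SETTINGS):
        findings.append(f"legacy: {name} is a 2.2 setting, remove it for 2.3")
    dh = s.get("ssl_dh")
    if dh is None:
        findings.append("ssl_dh: not set, point it at a converted or fresh dh.pem")
    elif not dh.startswith("<"):
        findings.append("ssl_dh: value must start with '<' so the file is read")
    proto = s.get("ssl_min_protocol")
    if proto is None:
        findings.append("ssl_min_protocol: not set, server default applies")
    elif proto not in PROTOCOL_ORDER:
        findings.append(f"ssl_min_protocol: {proto!r} is not a value this example knows")
    elif PROTOCOL_ORDER.index(proto) < PROTOCOL_ORDER.index(floor):
        findings.append(f"ssl_min_protocol: {proto} is below the floor {floor}")
    return findings

# Constructed sample: a 2.2 config carried over unchanged.
OLD_CONF = """\
ssl_protocols = !SSLv3   # 2.2 syntax
"""
# Constructed sample: the same config after the 2.3 edits.
NEW_CONF = """\
ssl_dh = </etc/dovecot/dh.pem
ssl_min_protocol = TLSv1
"""
if __name__ == "__main__":
    for label, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(label, audit_ssl_settings(conf) or "ok")
```

Passing `floor="TLSv1.2"` applies the stricter setting mentioned in the reply, at the cost of older clients.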