Timo Sirainen wrote:
> Note that there's one big change here: DH parameters are now set for SSL to get forward secrecy, and Dovecot doesn't really start until it sees them for the first time. The first generation may take minutes, or even longer if you have an old computer.
Oh. And I thought SSL was broken when I tested the latest CVS yesterday. The new message "... may take a while" is better. A "finished" message would also be nice.
> If this becomes a real problem, I suppose I could include pregenerated DH parameters that are used until the generation completes for the first time..
I don't really know what this file is good for. Btw, it is created world readable, I hope that is by intention.
If a pregenerated file is not a security issue, it would be good to install it, I think. Otherwise it would be better to include such a parameter file, but not install it by default, so people can decide by themselves and nobody gets surprised (and the security people will also be happy).