On 27/05/2015 05:22, Gedalya wrote:
It looks like there is an error on this page regarding regeneration. In current dovecots ssl_parameters_regenerate defaults to zero, and this means regeneration is disabled. The old default was 168 hours (1 week). The language on http://wiki2.dovecot.org/SSL/DovecotConfiguration is confusing and could be understood to mean that the current default is one week.
I'd read that dovecot wiki page, and the weakdh page, and - indeed - formed the impression that the defaults on our server were ok.
To enable regeneration you can manually set:

    ssl_parameters_regenerate = 60 days

or:

    ssl_parameters_regenerate = 1 weeks
I couldn't find an entry in 10-ssl.config that covered regeneration (though our version is 2.2.15 and the current release, 2.2.18, may differ).
I created an entry from scratch, with the example you posted but set to 7 days, and placed that in 10-ssl.config.
Thank you very much for the advice.
regards, Ron