22 Apr
2014
22 Apr
'14
4:54 p.m.
Am 22.04.2014 15:49, schrieb A M:
Just had a query, from security point of view.
Shouldn't dovecot-openssl.conf defaults now be 2048 bits?
i.e. default_bits = 1024
I have read that 1024 bit certificates are now deprecated, since Dec 31, 2013
if you really care you have to use 3072 and not 2048 and much more important get rid of SHA1 certs
3072 RSA matches AES128, for ECC 256
here you go:
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverable... http://www.nsa.gov/business/programs/elliptic_curve.shtml