Am 24.09.2013 11:21, schrieb Stan Hoeppner:
On 9/24/2013 1:48 AM, Marios Titas wrote:
Currently, dovecot generates two primes for Diffie-Hellman key exchanges: a 512-bit one and a 1024-bit one. In light of recent events, I think it would be wise to add support for 2048-bit primes as well...
Why play incremental tiddly-winks with the NSA?
Go straight to 1048576 bit encryption.
is nothing else than a pointless polemic attitude
That'll surely keep them out. Oh, wait, all of your email leaves and arrives via public SMTP, which nobody encrypts...
maybe on your server, my logs showing the opposite and since the "smtp" are outgoing messages your conclusion of "nobody" is strange
cat maillog | grep smtp | grep -v smtpd | grep TLS | wc -l 12327
cat maillog | grep smtpd | grep TLS | wc -l 13350
cat maillog | grep smtp | grep -v smtpd | grep TLSv1.2 | wc -l 2603
cat maillog | grep smtpd | grep TLSv1.2 | wc -l 2219