[Dovecot] dovecot-openssl.cnf - switch to 2048 bits?
Hello,
Just had a query, from security point of view.
Shouldn't dovecot-openssl.conf defaults now be 2048 bits?
i.e. default_bits = 1024
I have read that 1024 bit certificates are now deprecated, since Dec 31, 2013.
So may be we should have default as 2048 and can be changed manually if someone specifically wants 1024 or lower.
Regards,
A M
Am 22.04.2014 15:49, schrieb A M:
Just had a query, from security point of view.
Shouldn't dovecot-openssl.conf defaults now be 2048 bits?
i.e. default_bits = 1024
I have read that 1024 bit certificates are now deprecated, since Dec 31, 2013
if you really care you have to use 3072 and not 2048 and much more important get rid of SHA1 certs
3072 RSA matches AES128, for ECC 256
here you go:
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverable... http://www.nsa.gov/business/programs/elliptic_curve.shtml
participants (2)
-
A M
-
Reindl Harald