[Dovecot] 2048-bit Diffie-Hellman parameters
h.reindl at thelounge.net
Tue Sep 24 12:28:08 EEST 2013
Am 24.09.2013 11:21, schrieb Stan Hoeppner:
> On 9/24/2013 1:48 AM, Marios Titas wrote:
>> Currently, dovecot generates two primes for Diffie-Hellman key
>> exchanges: a 512-bit one and a 1024-bit one. In light of recent
>> events, I think it would be wise to add support for 2048-bit primes as
> Why play incremental tiddly-winks with the NSA?
> Go straight to 1048576 bit encryption.
is nothing else than a pointless polemic attitude
> That'll surely keep them out. Oh, wait, all of your
> email leaves and arrives via public SMTP, which nobody encrypts...
maybe on your server, my logs showing the opposite and since
the "smtp" are outgoing messages your conclusion of "nobody"
cat maillog | grep smtp | grep -v smtpd | grep TLS | wc -l
cat maillog | grep smtpd | grep TLS | wc -l
cat maillog | grep smtp | grep -v smtpd | grep TLSv1.2 | wc -l
cat maillog | grep smtpd | grep TLSv1.2 | wc -l
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 263 bytes
Desc: OpenPGP digital signature
More information about the dovecot