[Dovecot] 2048-bit Diffie-Hellman parameters
Reindl Harald
h.reindl at thelounge.net
Tue Sep 24 12:28:08 EEST 2013
Am 24.09.2013 11:21, schrieb Stan Hoeppner:
> On 9/24/2013 1:48 AM, Marios Titas wrote:
>> Currently, dovecot generates two primes for Diffie-Hellman key
>> exchanges: a 512-bit one and a 1024-bit one. In light of recent
>> events, I think it would be wise to add support for 2048-bit primes as
>> well...
>
> Why play incremental tiddly-winks with the NSA?
> Go straight to 1048576 bit encryption.
is nothing else than a pointless polemic attitude
> That'll surely keep them out. Oh, wait, all of your
> email leaves and arrives via public SMTP, which nobody encrypts...
maybe on your server, my logs showing the opposite and since
the "smtp" are outgoing messages your conclusion of "nobody"
is strange
cat maillog | grep smtp | grep -v smtpd | grep TLS | wc -l
12327
cat maillog | grep smtpd | grep TLS | wc -l
13350
cat maillog | grep smtp | grep -v smtpd | grep TLSv1.2 | wc -l
2603
cat maillog | grep smtpd | grep TLSv1.2 | wc -l
2219
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130924/cc34752a/attachment.bin>
More information about the dovecot
mailing list