[Dovecot] dovecot-openssl.cnf - switch to 2048 bits?

Reindl Harald h.reindl at thelounge.net
Tue Apr 22 13:54:09 UTC 2014



On 22.04.2014 15:49, A M wrote:
> Just had a query, from security point of view.
> 
> Shouldn't dovecot-openssl.conf defaults now be 2048 bits?
> 
> i.e. default_bits = 1024
> 
> I have read that 1024 bit certificates are now deprecated,
> since Dec 31, 2013

if you really care you have to use 3072 and not 2048
and much more important get rid of SHA1 certs

3072 RSA matches AES128, for ECC 256
________________________________________

here you go:

http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
http://www.nsa.gov/business/programs/elliptic_curve.shtml
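
A way to check an existing certificate for the two points raised in this thread (key size and SHA-1 signatures), as an added example that is not part of the original message. The function and sample names are hypothetical, the sample certificate dumps are constructed, and the thresholds (RSA below 2048 fails, RSA below 3072 warns, EC below 256 fails) are this example's reading of the figures quoted above.

```shell
#!/bin/sh
# Added example. Reads `openssl x509 -in cert.pem -noout -text` output on stdin.
# Thresholds are an assumption taken from the figures quoted in the thread.
audit_cert_text() {
    awk '
        /Signature Algorithm:/ && sig == "" { sig = $NF }
        /Public Key Algorithm:/             { alg = $NF }
        /Public[- ]Key: \([0-9]+ bit\)/ {
            bits = $0; sub(/.*\(/, "", bits); sub(/ bit\).*/, "", bits)
        }
        END {
            rc = 0
            if (tolower(sig) ~ /sha1/) { print "FAIL signature " sig; rc = 1 }
            if (bits == "") { print "FAIL key size not found"; rc = 1 }
            else if (alg == "rsaEncryption" && bits + 0 < 2048) { print "FAIL rsa " bits; rc = 1 }
            else if (alg == "rsaEncryption" && bits + 0 < 3072) { print "WARN rsa " bits; rc = 1 }
            else if (alg == "id-ecPublicKey" && bits + 0 < 256) { print "FAIL ec " bits; rc = 1 }
            exit rc   # 0 = nothing to report, 1 = at least one finding
        }'
}

# Constructed sample: trimmed text dump of a 1024-bit, SHA-1-signed certificate.
sample_weak() {
cat <<'EOF'
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption
EOF
}

# Constructed sample: 3072-bit RSA key with a SHA-256 signature.
sample_ok() {
cat <<'EOF'
        Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (3072 bit)
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

sample_weak | audit_cert_text || true
```
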


