dovecot 2.2.18 and ssl_parameters_regenerate

django at nausch.org django at nausch.org
Fri May 22 07:08:28 UTC 2015


HI Timo,

On http://wiki2.dovecot.org/SSL/DovecotConfiguration I read in chapter  
SSL security settings:

When Dovecot starts up for the first time, it generates new 512bit and  
1024bit Diffie Hellman parameters and saves them into  
<prefix>/var/lib/dovecot/ssl-parameters.dat. After the initial  
creation they're by default regenerated every week. With newer  
computers the generation shouldn't take more than a few seconds, but  
with older computers it can take as long as half an hour. The extra  
security gained by the regeneration is quite small, so with slower  
computers, for Dovecot versions prior to v2.2, you might want to  
disable it

If I discover the default-value of ssl_parameters_regenerate I receive:

# doveconf -d ssl_parameters_regenerate
ssl_parameters_regenerate = 0

In your doku you wrote, that dovecot will regenerate every week. :/ ?

I set it to "1 hours" and watch if /var/lib/dovecot/ssl-parameters.dat  
is build every hour, but nothing happens. ssl-parameters.dat is only  
rebuild, if I change ssl_dh_parameters_length

What's the problem? What I've made false?


ttyl
Django

-- 
http://dokuwiki.nausch.org
http://wetterstation-pliening.info
http://ebersberger-liedersammlung.de



More information about the dovecot mailing list