FREAK/Logjam, and SSL protocols to use

Gedalya gedalya at
Wed May 27 04:22:59 UTC 2015

On 05/26/2015 10:37 AM, Ron Leach wrote:
> includes altering DH parameters length to 2048, and re-specifying the 
> allowable cipher suites - they give their suggestion. 

It looks like there is an error on this page regarding regeneration. In 
current dovecots ssl_parameters_regenerate defaults to zero, and this 
means regeneration is disabled. The old default was 168 hours (1 week).
The language on is 
confusing and could be understood to mean that the current default is 
one week.
To enable regeneration you can manually set:
ssl_parameters_regenerate = 60 days
ssl_parameters_regenerate = 1 weeks
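
An added example, not part of the original post and not Dovecot code: a small Python check that reads flat "key = value" lines from a configuration dump and reports whether DH parameter regeneration is actually enabled, treating an unset value as the default passed in (0 in current versions, 168 hours in old ones, as stated above). The function names, the sample configurations, the last-assignment-wins rule and the hour/day/week unit handling are assumptions made for the illustration.

```python
import re

# Units that appear in the post; anything else is rejected rather than guessed.
UNIT_HOURS = {"hour": 1, "day": 24, "week": 168}

def regenerate_hours(value):
    """Convert '60 days', '1 weeks' or '0' to hours; 0 means regeneration is off."""
    m = re.fullmatch(r"(\d+)\s*([a-z]*)", value.strip().lower())
    if not m:
        raise ValueError(f"unparseable interval: {value!r}")
    count, unit = int(m.group(1)), m.group(2).rstrip("s")
    if count == 0:
        return 0
    if unit not in UNIT_HOURS:
        # A bare non-zero number has no unit we can be sure of, so refuse it.
        raise ValueError(f"missing or unsupported unit: {value!r}")
    return count * UNIT_HOURS[unit]

def effective_settings(conf_text):
    """Collect top-level key = value pairs; assumption: the last assignment wins."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, val = line.split("=", 1)
            settings[key.strip()] = val.strip()
    return settings

def report(conf_text, default="0"):
    """default='0' models current versions; '168 hours' models the old default."""
    settings = effective_settings(conf_text)
    raw = settings.get("ssl_parameters_regenerate", default)
    hours = regenerate_hours(raw)
    return {"explicit": "ssl_parameters_regenerate" in settings,
            "hours": hours, "enabled": hours > 0}

# Constructed sample configurations (not taken from any real server).
SAMPLE_UNSET = "ssl = yes\n# ssl_parameters_regenerate = 1 weeks\n"
SAMPLE_BOTH = ("ssl_parameters_regenerate = 60 days\n"
               "ssl_parameters_regenerate = 1 weeks\n")

if __name__ == "__main__":
    print("unset, current default:", report(SAMPLE_UNSET))
    print("unset, old default:    ", report(SAMPLE_UNSET, default="168 hours"))
    print("both lines from post:  ", report(SAMPLE_BOTH))
```
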
