FREAK/Logjam, and SSL protocols to use

Gedalya gedalya at gedalya.net
Wed May 27 04:22:59 UTC 2015


On 05/26/2015 10:37 AM, Ron Leach wrote:
>
> https://weakdh.org/sysadmin.html
>
> includes altering DH parameters length to 2048, and re-specifying the 
> allowable cipher suites - they give their suggestion. 

It looks like there is an error on this page regarding regeneration. In 
current dovecots ssl_parameters_regenerate defaults to zero, and this 
means regeneration is disabled. The old default was 168 hours (1 week).
The language on http://wiki2.dovecot.org/SSL/DovecotConfiguration is 
confusing and could be understood to mean that the current default is 
one week.
To enable regeneration you can manually set:
ssl_parameters_regenerate = 60 days
or:
ssl_parameters_regenerate = 1 weeks
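
An added example, not part of the original post and not Dovecot project code: a small audit of Dovecot-style "key = value" config text for the two settings discussed in this thread. The function names and sample config are constructed; treating an unset ssl_parameters_regenerate as disabled follows the post's statement about the current default, and a value with no recognised unit is flagged for manual review rather than guessed.

```python
import re

# Unit spellings this example recognises (singular form), in seconds.
UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600, "day": 86400, "week": 604800}
MIN_DH_BITS = 2048  # length suggested on the weakdh.org page quoted above

# Constructed sample, in the "key = value" form of a Dovecot config file.
SAMPLE = """\
ssl_dh_parameters_length = 1024
ssl_parameters_regenerate = 0   # constructed value
"""

def parse_settings(text):
    """Collect top-level 'key = value' pairs, dropping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def regenerate_seconds(value):
    """Interval in seconds; 0 means disabled; None means unit not recognised."""
    m = re.fullmatch(r"(\d+)\s*([a-z]*)", value.strip().lower())
    if not m:
        return None
    number, unit = int(m.group(1)), m.group(2)
    if number == 0:
        return 0
    unit = unit[:-1] if unit.endswith("s") else unit
    return number * UNIT_SECONDS[unit] if unit in UNIT_SECONDS else None

def audit(text):
    """Findings for both settings; unset regeneration is assumed to mean 0."""
    s, findings = parse_settings(text), []
    regen = s.get("ssl_parameters_regenerate")
    secs = regenerate_seconds(regen) if regen is not None else 0
    if regen is None or secs == 0:
        findings.append("regeneration disabled (0 or unset)")
    elif secs is None:
        findings.append(f"regeneration interval {regen!r} needs manual review")
    else:
        findings.append(f"regeneration every {secs // 3600} hours")
    dh = s.get("ssl_dh_parameters_length", "")
    if not dh.isdigit():
        findings.append("ssl_dh_parameters_length not set; check installed default")
    elif int(dh) < MIN_DH_BITS:
        findings.append(f"DH parameters {dh} bits, below {MIN_DH_BITS}")
    return findings
```

Calling audit() on the text of the running configuration returns one finding per problem; an empty DH finding means the length is at least 2048.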


