FREAK/Logjam, and SSL protocols to use
ronleach at tesco.net
Wed May 27 16:15:27 UTC 2015
On 27/05/2015 05:22, Gedalya wrote:
> It looks like there is an error on this page regarding regeneration.
> In current dovecots ssl_parameters_regenerate defaults to zero, and
> this means regeneration is disabled. The old default was 168 hours (1
> The language on http://wiki2.dovecot.org/SSL/DovecotConfiguration is
> confusing and could be understood to mean that the current default is
> one week.
I'd read that dovecot wiki page, and the weakdh page, and - indeed -
formed the impression that the defaults on our server were ok.
> To enable regeneration you can manually set:
> ssl_parameters_regenerate = 60 days
> ssl_parameters_regenerate = 1 weeks
I couldn't find an entry in 10-ssl.config that covered regeneration
(though our version is 2.2.15 and the current release, 2.2.18, may
I created an entry from scratch, with the example you posted but set
to 7 days, and placed that in 10-ssl.config .
Thank you very much for the advice.
More information about the dovecot