FREAK/Logjam, and SSL protocols to use

Ron Leach ronleach at tesco.net
Wed May 27 16:15:27 UTC 2015


On 27/05/2015 05:22, Gedalya wrote:

> It looks like there is an error on this page regarding regeneration.
> In current dovecots ssl_parameters_regenerate defaults to zero, and
> this means regeneration is disabled. The old default was 168 hours (1
> week).
> The language on http://wiki2.dovecot.org/SSL/DovecotConfiguration is
> confusing and could be understood to mean that the current default is
> one week.

I'd read that dovecot wiki page, and the weakdh page, and - indeed - 
formed the impression that the defaults on our server were ok.


> To enable regeneration you can manually set:
> ssl_parameters_regenerate = 60 days
> or:
> ssl_parameters_regenerate = 1 weeks

I couldn't find an entry in 10-ssl.config that covered regeneration 
(though our version is 2.2.15 and the current release, 2.2.18, may 
differ).

I created an entry from scratch, with the example you posted but set 
to 7 days, and placed that in 10-ssl.config.

Thank you very much for the advice.

regards, Ron
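
One way to confirm which regeneration interval is actually in effect, rather than inferring it from the wiki or from a missing entry in a config file. This is an added example, not part of the original message or of Dovecot itself; the function name `regen_status` and the sample input are constructed for illustration, and the unit handling assumes the `secs`/`mins`/`hours`/`days`/`weeks` spellings.

```shell
#!/bin/sh
# Added example: report the effective ssl_parameters_regenerate interval
# from doveconf-style "key = value" lines read on stdin.
# Prints "unset", "disabled", "<n> hours", or "<n> (no unit given)".
regen_status() {
    awk '
        # Drop comments so a commented-out entry is not counted.
        { sub(/#.*/, "") }
        # Remember the value; a later occurrence overrides an earlier one.
        /^[ \t]*ssl_parameters_regenerate[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            found = 1
        }
        END {
            if (!found) { print "unset"; exit }
            n = val + 0                      # leading number
            unit = val
            sub(/^[0-9]+[ \t]*/, "", unit)   # text after the number
            # Zero means regeneration is disabled (as stated in the thread).
            if (n == 0) { print "disabled"; exit }
            if (unit == "") { print n " (no unit given)"; exit }
            # Assumption: the unit is identified by its first letter.
            u = substr(unit, 1, 1)
            if (u == "w")      h = n * 168
            else if (u == "d") h = n * 24
            else if (u == "h") h = n
            else if (u == "m") h = n / 60
            else               h = n / 3600
            print h " hours"
        }'
}

# Constructed sample input: the 7-day entry described in the message.
printf 'ssl = yes\nssl_parameters_regenerate = 7 days\n' | regen_status
```

On a live server the same function can be fed with `doveconf -a | regen_status`, which includes defaults as well as explicitly set values.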


