upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
Aki Tuomi
aki.tuomi at dovecot.fi
Fri Jun 22 10:48:35 EEST 2018
> On 22 June 2018 at 10:18 tai74 at vfemail.net wrote:
>
>
>
> hi sorry if question was asked already. Was reading
> https://wiki2.dovecot.org/Upgrading/2.3
>
> first I'm confused on diffie hellman parameters file. I never set up
> ssl-parameters.dat before (should I have? do I have one that was
> automatically made for me by dovecot?)
>
> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
> ssl-parameters.dat but how to make a new one?
>
2.2 makes the ssl-parameters.dat automatically. You can choose to either use that with the instructions given, or you can make a fresh one using

    openssl gendh 4096 > dh.pem

Note that this will require quite a lot of entropy, so you should probably ensure that you run it on a laptop or with a virtual machine that has some entropy source/helper.
> other question is if I copy ssl_min_protocol from example config into
> my existing config is that enough? do experts on this list recommend
> any tweaks that increase client requirements more than dovecot
> developers are comfortable with but will ensure more secure protocol
> usage?
>
ssl_min_protocol defines the minimum TLS protocol the server supports. We recommend TLSv1, but if you want, you can experiment with TLSv1.2, which will decrease client compatibility a bit.
Aki
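Added example, not part of the original message and not Dovecot's own tooling: a shell check over `doveconf -n` style output that flags the TLS settings discussed in this thread before a 2.2 to 2.3 upgrade. The function name, the sample fragment and its paths are constructed for illustration; it assumes, per the Upgrading/2.3 page, that 2.3 reads DH parameters through `ssl_dh = </path/to/dh.pem` and replaces `ssl_protocols` with `ssl_min_protocol`.

```shell
#!/bin/sh
# Added example: lint TLS settings in "doveconf -n" style output
# ("key = value" lines) before a 2.2 -> 2.3 upgrade.
# Prints one finding per line; returns 1 if anything was reported.
check_dovecot_tls() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        index($0, "=") > 0 {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = val                      # last assignment wins
        }
        END {
            n = 0
            if ("ssl_protocols" in seen) {
                print "WARN ssl_protocols is the 2.2 setting; 2.3 uses ssl_min_protocol"; n++
            }
            if (!("ssl_dh" in seen)) {
                print "WARN ssl_dh not set; 2.3 reads DH parameters from it"; n++
            } else if (seen["ssl_dh"] !~ /^</) {
                print "WARN ssl_dh must start with < to read the file, got: " seen["ssl_dh"]; n++
            }
            if (!("ssl_min_protocol" in seen)) {
                print "INFO ssl_min_protocol not set; the built-in default applies"; n++
            } else if (seen["ssl_min_protocol"] ~ /^SSLv/) {
                print "WARN ssl_min_protocol permits " seen["ssl_min_protocol"]; n++
            }
            exit (n > 0 ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample (not from the thread): a 2.2-era fragment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl = required
ssl_protocols = !SSLv3
ssl_cert = </etc/dovecot/example-cert.pem
EOF
check_dovecot_tls "$sample" || echo "review the findings above before upgrading"
rm -f "$sample"
```

On a live server, save the output of `doveconf -n` to a file and pass that file to the function.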