upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol

Joseph Tam jtam.home at gmail.com
Sat Jun 23 00:35:25 EEST 2018


On Fri, 22 Jun 2018, Joseph Tam wrote:

> However, recent advances make this condition obsolete [*] and not
> really safer, so a much faster way to generate a DH key is
>
> 	openssl dhparam -dsaparam -out dh.pem 4096
>
> DH generation is a one time operation, so if you're paranoid and you've
> got time to burn, go ahead and generate the "safe" DH key.
>
> [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam

Oh, I might have to backtrack on this claim:

 	https://www.openssl.org/news/secadv/20160128.txt

although it's beyond my understanding whether it's applicable to Dovecot.

Joseph Tam <jtam.home at gmail.com>
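
Added example, not part of the original post: the structural difference between a "safe" DH prime (p and (p-1)/2 both prime) and the DSA-style prime that `-dsaparam` converts to DH format (p = k*q + 1 for a much smaller prime q). The function names and toy prime sizes below are assumptions chosen so the check runs instantly; real parameters are 2048 bits or more.

```python
# Added illustration with constructed, toy-sized primes (under 2**64).
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    """Miller-Rabin; these fixed bases give an exact answer for n < 2**64."""
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def next_safe_prime(start: int) -> int:
    """Smallest p >= start with p and (p-1)/2 both prime (the slow, 'safe' kind)."""
    p = start | 1
    while not (is_prime(p) and is_prime((p - 1) // 2)):
        p += 2
    return p

def dsa_style_prime(q: int, start_k: int) -> int:
    """Smallest prime p = k*q + 1 with even k >= start_k (start_k >= 4 assumed)."""
    k = start_k + (start_k & 1)
    while not is_prime(k * q + 1):
        k += 2
    return k * q + 1

def classify(p: int) -> str:
    """Report whether a DH modulus is a safe prime."""
    if not is_prime(p):
        return "not prime"
    return "safe prime" if is_prime((p - 1) // 2) else "prime, but (p-1)/2 is composite"

if __name__ == "__main__":
    for p in (next_safe_prime(1 << 48), dsa_style_prime(65537, 1 << 30)):
        print(hex(p), classify(p))
```

With a DSA-style modulus, p-1 has factors other than 2 and one large prime, which is the property that separates it from the "safe" key mentioned above.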

