upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol

Aki Tuomi aki.tuomi at dovecot.fi
Mon Jun 25 20:00:31 EEST 2018


ssl_dh=</path/to/dh.pem
put it under /etc/dovecot?


---Aki TuomiDovecot oy
-------- Original message --------From: tai74 at vfemail.net Date: 25/06/2018  19:48  (GMT+02:00) To: dovecot at dovecot.org Subject: Re: upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol 
Thanks Joseph, Aki, but something missing from upgrade document, where  
does the dh param file go? I located ssl-parameters.dat so I will put  
it there.

Quoting Joseph Tam <jtam.home at gmail.com>:

> On Fri, 22 Jun 2018, Joseph Tam wrote:
>
>> However, recent advances make this condition obsolete [*] and not
>> really safer, so a much faster way to generate a DH key is
>>
>> 	openssl dhparam -dsaparam -out dh.pem 4096
>>
>> DH generation is a one time operation, so if you're paranoid and you've
>> got time to burn, go ahead and generate the "safe" DH key.
>>
>> [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam)
>
> Oh, I might have to backtrack on this claim
>
> 	https://www.openssl.org/news/secadv/20160128.txt
>
> although it's beyond my understanding whether it's applicable to Dovecot.
>
> Joseph Tam <jtam.home at gmail.com>




-------------------------------------------------

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180625/4447c2cb/attachment.html>


More information about the dovecot mailing list