[Ach] 9.2.1 Dovecot, some additions, questions

Pepi Zawodsky pepi.zawodsky at maclemon.at
Tue Nov 19 22:34:46 CET 2013

== Regenerating DH Params ==
# How often to regenerate the SSL parameters file. Generation is quite CPU
# intensive operation. The value is in hours, 0 disables regeneration
# entirely.
#ssl_parameters_regenerate = 168

Default seems
ssl_parameters_regenerate = 168 # Value in hours, aka 168h ≈ 1w

DH Paramters used are only 512 Bits and 1024 Bits.

Creating 512bit DH Params takes 0.86seconds on my 2GHz Core2Duo Mac mini Server.
Creating 1024bit DH Params takes 61 seconds.

1 Week seems to long for my taste even for slower servers.
Does 24h sound reasonable? More or less?

== Disable Plaintext ==
Surprisingly this does not seem to be the default everywhere. Should be checked just in case…

# allows plaintext authentication only when SSL/TLS is used first.

== Debugging/Statistics on SSL Client connections ==
SSL verbosity - seems to be very helpful in debugging and checking what ciphers clients offer.

verbose_ssl = yes
# This will make Dovecot log all the problems it sees with SSL connections. Some errors might be caused by dropped connections, so it could be quite noisy.

== Obligatory Apple Rant ==
Rant: Apple… 2.0.19apple1 on OS X 10.8.5 Mountain Lion
Smile: 2.2.5 on OS X 10.9 Mavericks

Best regards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131119/dd449c0e/attachment.sig>

More information about the Ach mailing list