[Ach] 9.2.1 Dovecot, some additions, questions

Pepi Zawodsky pepi.zawodsky at maclemon.at
Tue Nov 19 22:34:46 CET 2013


== Regenerating DH Params ==
# How often to regenerate the SSL parameters file. Generation is quite CPU
# intensive operation. The value is in hours, 0 disables regeneration
# entirely.
#ssl_parameters_regenerate = 168

Default seems
ssl_parameters_regenerate = 168 # Value in hours, aka 168h ≈ 1w

DH Parameters used are only 512 Bits and 1024 Bits.


FYI:
Creating 512bit DH Params takes 0.86 seconds on my 2GHz Core2Duo Mac mini Server.
Creating 1024bit DH Params takes 61 seconds.

1 Week seems too long for my taste even for slower servers.
Does 24h sound reasonable? More or less?



== Disable Plaintext ==
Surprisingly this does not seem to be the default everywhere. Should be checked just in case…

disable_plaintext_auth=yes
# allows plaintext authentication only when SSL/TLS is used first.



== Debugging/Statistics on SSL Client connections ==
SSL verbosity - seems to be very helpful in debugging and checking what ciphers clients offer.

verbose_ssl = yes
# This will make Dovecot log all the problems it sees with SSL connections. Some errors might be caused by dropped connections, so it could be quite noisy.



== Obligatory Apple Rant ==
Rant: Apple… 2.0.19apple1 on OS X 10.8.5 Mountain Lion
Smile: 2.2.5 on OS X 10.9 Mavericks



Best regards
Pepi
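
Added example, not part of the original message and not Dovecot project code: a small audit of the three settings discussed above, run over configuration text in dovecot.conf style. The 24-hour limit is only the value the post asks about, used here as an assumed threshold; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in dovecot.conf style; not taken from a real server.
SAMPLE_CONF = """\
#ssl_parameters_regenerate = 168
disable_plaintext_auth = no
verbose_ssl = yes   # temporary, for debugging
protocol imap {
  mail_max_userip_connections = 10
}
"""

SETTING = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")

def parse_settings(text):
    """Return top-level 'key = value' settings; commented-out lines are ignored."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if line.endswith("{"):
            depth += 1                       # entering a section block
        elif line == "}":
            depth -= 1
        elif depth == 0 and (m := SETTING.match(line)):
            settings[m.group(1)] = m.group(2)  # last occurrence wins
    return settings

def audit(text, max_regen_hours=24):
    """Check the three settings from the post; max_regen_hours is an assumed limit."""
    s = parse_settings(text)
    findings = []
    regen = int(s.get("ssl_parameters_regenerate", 168))  # 168 h: default per the post
    if regen == 0:
        findings.append("ssl_parameters_regenerate=0: regeneration is disabled entirely")
    elif regen > max_regen_hours:
        findings.append(f"ssl_parameters_regenerate={regen}h exceeds the chosen {max_regen_hours}h")
    plain = s.get("disable_plaintext_auth")
    if plain is None:
        findings.append("disable_plaintext_auth is unset: the default varies, set it explicitly")
    elif plain.lower() != "yes":
        findings.append("disable_plaintext_auth is not 'yes': plaintext auth allowed without SSL/TLS")
    if s.get("verbose_ssl", "no").lower() == "yes":
        findings.append("verbose_ssl=yes: SSL logging is on and can be noisy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```
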