[Ach] 9.2.1 Dovecot, some additions, questions

Adi Kriegisch adi at kriegisch.at
Tue Nov 19 22:54:50 CET 2013


Hi!

> > == Regenerating DH Params ==
> > # How often to regenerate the SSL parameters file. Generation is quite CPU
> > # intensive operation. The value is in hours, 0 disables regeneration
> > # entirely.
> > #ssl_parameters_regenerate = 168
> > 
> > Default seems
> > ssl_parameters_regenerate = 168 # Value in hours, aka 168h ≈ 1w
> > 
> > DH Parameters used are only 512 Bits and 1024 Bits.
Only the most recent version of Dovecot supports DH params of arbitrary
size (>=2.2.7); see my remark in the document.
(Probably I'll find some time to backport that to the current Debian
version)

> > == Disable Plaintext ==
> > Surprisingly this does not seem to be the default everywhere. Should be checked just in case…
> > disable_plaintext_auth=yes
> > # allows plaintext authentication only when SSL/TLS is used first.
> > 
> > 
> Is that plaintext within a TLS/SSL tunnel?
No, setting this option allows the 'plain' authentication mechanism only if
there is an SSL/TLS connection. So setting this cannot/should not do any
harm but probably is beyond the scope of our document.

-- Adi
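
An added example, not part of the original message: a small audit of the settings discussed in this thread, run over a constructed configuration fragment. The function names, the finding labels and the 2048-bit threshold are assumptions made for illustration; `ssl_dh_parameters_length` is Dovecot's setting for the DH size and is not named in the message itself.

```python
import re

# Constructed sample in Dovecot's "key = value" form (not taken from a real host).
SAMPLE_CONF = """\
disable_plaintext_auth = no
#ssl_parameters_regenerate = 168
ssl = yes
"""

def parse_settings(text):
    """Return active key/value pairs; commented-out lines are ignored."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_]+)\s*=\s*([^#]*)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(conf_text, version, min_dh_bits=2048):
    """Return (setting, message) findings. min_dh_bits is an assumed policy value."""
    s = parse_settings(conf_text)
    ver = tuple(int(p) for p in version.split(".")[:3])
    findings = []
    plain = s.get("disable_plaintext_auth")
    if plain is None:
        findings.append(("disable_plaintext_auth",
                         "not set explicitly; check the effective default"))
    elif plain.lower() != "yes":
        findings.append(("disable_plaintext_auth",
                         "plaintext auth is allowed without SSL/TLS"))
    if s.get("ssl_parameters_regenerate") == "0":
        findings.append(("ssl_parameters_regenerate", "regeneration is disabled"))
    if ver < (2, 2, 7):
        # Per the thread: only >= 2.2.7 supports DH params of arbitrary size.
        findings.append(("dh_size",
                         "version predates 2.2.7; DH size cannot be chosen freely"))
    else:
        bits = s.get("ssl_dh_parameters_length", "")
        if not bits.isdigit() or int(bits) < min_dh_bits:
            findings.append(("ssl_dh_parameters_length",
                             "unset or below %d bits" % min_dh_bits))
    return findings

if __name__ == "__main__":
    for key, msg in audit(SAMPLE_CONF, "2.1.7"):
        print("%s: %s" % (key, msg))
```
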