[Ach] Dovecot DH parameters
leon at leonweber.de
Tue Feb 10 14:24:57 CET 2015
I’ve been reading through dovecot’s SSL configuration manual.
According to that, dovecot

(1) uses 1024 bit DH parameters by default, unless configured otherwise
in the ssl_dh_parameters_length variable, and

(2) generates the DH parameters by itself, and even regenerates that
file every week unless disabled by ssl_parameters_regenerate

This makes me wonder: Would it make sense to include a config statement
to change (1) to a larger value in the bettercrypto.org manual?

Regarding (2): If I understand RFC 7457 section 2.9 correctly, it
advises against generating DH params yourself. Hence, is it reasonable
to disable parameter regeneration and supply dovecot with a pregenerated
If so, would it make sense to suggest that in the bettercrypto manual as
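An added example, not part of the original message: a small audit that reads Dovecot configuration text and reports the effective values of the two settings named in the post, falling back to the defaults the post describes. The 2048-bit threshold, the treatment of `0` as "regeneration disabled", and the sample configs are assumptions made for this example.

```python
import re

# Defaults as stated in the post above: 1024-bit DH parameters, weekly regeneration.
DEFAULTS = {"ssl_dh_parameters_length": "1024",
            "ssl_parameters_regenerate": "1 week"}
MIN_DH_BITS = 2048  # assumption: audit threshold chosen for this example


def parse_settings(text):
    """Collect 'key = value' lines; '#' starts a comment, later lines win."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit_dh(text):
    """Return effective DH settings and findings for a Dovecot config text."""
    found = parse_settings(text)
    eff = {k: found.get(k, d) for k, d in DEFAULTS.items()}
    findings = []
    bits_raw = eff["ssl_dh_parameters_length"]
    bits = int(bits_raw) if bits_raw.isdigit() else None
    if bits is None:
        findings.append(f"unparseable ssl_dh_parameters_length: {bits_raw!r}")
    elif bits < MIN_DH_BITS:
        origin = "explicit" if "ssl_dh_parameters_length" in found else "default"
        findings.append(f"DH parameters are {bits} bits ({origin}), below {MIN_DH_BITS}")
    # Assumption: a value of 0 (optionally with a unit) disables regeneration.
    regen = not re.fullmatch(r"0+(\s*[A-Za-z]+)?", eff["ssl_parameters_regenerate"])
    if regen:
        findings.append("DH parameters are regenerated by Dovecot itself")
    return {"bits": bits, "regenerates": regen, "findings": findings}


# Constructed sample configs, not taken from any real server.
STOCK = "ssl = required\n# ssl_dh_parameters_length = 1024\n"
TUNED = "ssl = required\nssl_dh_parameters_length = 2048\nssl_parameters_regenerate = 0\n"

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("tuned", TUNED)):
        print(name, audit_dh(cfg))
```

A commented-out setting counts as unset, so the stock sample is reported with the 1024-bit default rather than silently passing.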