Gerald Hopf writes:
> I don't recall offhand if you are required to use a DH certificate, > instead of an RSA certificate, or if having DH parameters is sufficient. > Use 'openssl dhparams" to generate a set of new DH parameters, and > append them to your certificate file, and see if it helps. If not, try > creating a new DH certificate.dhparams doesn't list anything containing DHE or ECDHE. I don't think it has anything to do with the certificate file. No article I've read on this ever mentioned that this depends on the certificate file.
"openssl dhparams" generates DH parameters. couriertls checks if the certificate file contains DH parameters, and if so, they get loaded.
As you know, Courier reads both the private key and the certificate from the same file. PEM-formatted files may have multiple contents, like a private key and a certificate. And DH parameters. I wrote:
"Use 'openssl dhparams" to generate a set of new DH parameters, and append them to your certificate file, and see if it helps."
Did you do that?
pgpmpW9SnTFQA.pgp
Description: PGP signature
------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
