Hi. Am 21.08.2013 03:09, schrieb Sam Varshavchik: > Ok, here's exactly what I mean. In your esmtpd-ssl, imapd-ssl, or > pop3-ssl configuration file, set the TLS_DHCERTFILE setting to the file > that has your DH parameters, in PEM format. It can be the same file as > the TLS_CERTFILE.
Thanks for your hints, I could follow them and have PFS running on my testing machine now. But one thing is weird: I had to put dhparams in the same file as the regular cert and reference this one on TLS_DHCERTFILE. At my first try, I put dhparams in a separate file. This lead to TLS being unavailable completely with this error: couriertls: /etc/ssl/private/dhparams.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line Just putting the dhparams at the end of the cert-PEM and using this as TLS_DHCERTFILE fixed it. Bernd
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
