On Fri, 19 Sep 2014 20:56:26 -0400 Sam Varshavchik <mr...@courier-mta.com> wrote:
> I just ran a test, and on a medium-powered server, it took 2 minutes > to generate a 2048-bit parameter. That's not too bad, I suppose. A > new install will have to generate that the first time the server gets > started, and things will pretty much come to a halt, until that's > done and over with. Will have to make that prominent, somewhere… If you're worried about generation time: DH parameters are neither secret nor is there a problem in sharing the same parameters amongst several hosts. From a cryptographic perspective there wouldn't be a problem in pre-generating one set of DH params and shipping them as the default with all courier installations. Btw, is there currently a way of using ECDH-ciphersuites with courier? -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that Matters. http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users