Hanno Böck writes:

On Fri, 19 Sep 2014 20:56:26 -0400
Sam Varshavchik <mr...@courier-mta.com> wrote:

> I just ran a test, and on a medium-powered server, it took 2 minutes
> to generate a 2048-bit parameter. That's not too bad, I suppose. A
> new install will have to generate that the first time the server gets
> started, and things will pretty much come to a halt, until that's
> done and over with. Will have to make that prominent, somewhere…

If you're worried about generation time:
DH parameters are neither secret nor is there a problem in sharing the
same parameters amongst several hosts.

From a cryptographic perspective there wouldn't be a problem in
pre-generating one set of DH params and shipping them as the default
with all courier installations.

Btw, is there currently a way of using ECDH-ciphersuites with courier?

Casual browsing of OpenSSL and GnuTLS documentation suggests that some additional code configuration and setup is needed for that; but it's not really quite clear exactly what.

courier-users mailing list
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users