On 24.09.2013 08:48, Marios Titas wrote:
> Currently, dovecot generates two primes for Diffie-Hellman key
> exchanges: a 512-bit one and a 1024-bit one. In light of recent
> events, I think it would be wise to add support for 2048-bit primes as
> well, or even better, add a configuration option that lets the user
> select a file (or files) containing the DH parameters
>
> In recent years, there has been increased interest in DH especially in
> its ephemeral version (DHE) because it provides perfect forward
> secrecy. In that context, the use of 1024-bit parameters might not
> seem such a terrible idea: if someone cracks the ephemeral key then
> they will only gain access to the data exchanged during that
> particular session. Therefore, it might not be worth the effort to
> crack such a key. But this is certainly not the case for IMAPS: it is
> quite likely that the session data will include the user's
> credentials.
>
You may get problems with older mail clients. On the SMTP side I discovered, i.e., that Netscape 7 is not able to handle stuff bigger than 1024, but some more configure options maybe fine ever

Best Regards
Kind regards
Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
