> From: Phil Pennock > Short version: used to be utterly horrible for OpenSSL users; got > better, but we now believe not as much better as we'd hoped; we now > believe that for GnuTLS users, things got a little worse instead of > being a no-op. In the next version of Exim (4.88) it's better still by > default, but manually generating a file for your `tls_dhparam` setting > avoids the issue, always has, and is the best way forward.
Am I understanding you correctly? That you recommend every Exim admin using OpenSSL to specify in the beginning of Exim config tls_dhparam = /path/dhparam.pem where the file should be generated once with commands openssl dhparam -out /path/dhparam.pem 2236 chown root:mail /path/dhparam.pem chmod 640 /path/dhparam.pem For FreeBSD the /path/ can be /usr/local/etc/exim/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
