Dear Ivan,
Thank you very much for your reply.
Am 12.07.23 um 10:16 schrieb Ivan Hadzhiev:
You can copy from here:
https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem
or you can create it
openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096 -out
/etc/postfix/ffdhe4096.dh.param
I downloaded the 3072 bit file and set it up:
# wget -O /project/mx/etc/ffdhe3072.pem
https://github.com/internetstandards/dhe_groups/blob/main/ffdhe3072.pem
# postconf -n smtpd_tls_dh1024_param_file
smtpd_tls_dh1024_param_file = /project/mx/etc/ffdhe3072.pem
# postfix reload
But the Internet.nl email test still says that DH 2048 is offered by
mx3.molgen.mpg.de [1].
mx3.molgen.mpg.de. DH-2048 insufficient
So I am still curious, how to verify that.
Kind regards,
Paul
[1]: https://www.internet.nl/mail/recomb.org/972775/
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org