Perfect forward secrecy (PFS) is a property of the key-agreement
protocol that ensures that a session key derived from a set of long-term
public and private keys will not be compromised if one of the
(long-term) private keys is compromised in the future
(Source:
Thanks for the quick reply!
On 20.08.2013 01:34, Sam Varshavchik wrote:
I do not see the connection between PFS and these two specific key
exchange protocols.
PFS is just a generic concept, not tied to any particular technology.
To my knowledge the ciphers starting with DHE and ECDHE are the
openssl dhparams generates DH parameters. couriertls checks if the
certificate file contains DH parameters, and if so, they get loaded.
As you know, Courier reads both the private key and the certificate
from the same file. PEM-formatted files may have multiple contents,
like a private
in the country being spied on :-) ]
On 21.08.2013 03:09, Sam Varshavchik wrote:
Sam Varshavchik writes:
Gerald Hopf writes:
default. If even the official courier-mta.org MX server doesn't have
this correctly enabled, I somehow doubt anyone else does... And somehow
dovecot/postfix seem to manage