Thank you very much!
As Bernd Wurst commented I also needed to have the entire PEM file + the
contents of the dhparams file I had generated in one file for it to work
as TLS_DHCERTFILE, otherwise it won't work with the error message
error:0906D06C:PEM routines:PEM_read_bio:no start line.
I
Thanks for the quick reply!
On 20.08.2013 01:34, Sam Varshavchik wrote:
I do not see the connection between PFS and these two specific key
exchange protocols.
PFS is just a generic concept, not tied to any particular technology.
To my knowledge the ciphers starting with DHE and ECDHE are the
Gerald Hopf writes:
I don't recall offhand if you are required to use a DH certificate,
instead of an RSA certificate, or if having DH parameters is sufficient.
Use 'openssl dhparams' to generate a set of new DH parameters, and
append them to your certificate file, and see if it helps. If
openssl dhparams generates DH parameters. couriertls checks if the
certificate file contains DH parameters, and if so, they get loaded.
As you know, Courier reads both the private key and the certificate
from the same file. PEM-formatted files may have multiple contents,
like a private
Gerald Hopf writes:
default. If even the official courier-mta.org MX server doesn't have
this correctly enabled, I somehow doubt anyone else does... And somehow
dovecot/postfix seem to manage to have this as default without
generating special DH parameter files?
It's two opposite
Sam Varshavchik writes:
Gerald Hopf writes:
default. If even the official courier-mta.org MX server doesn't have
this correctly enabled, I somehow doubt anyone else does... And somehow
dovecot/postfix seem to manage to have this as default without
generating special DH parameter files?
Hi.
On 21.08.2013 03:09, Sam Varshavchik wrote:
Ok, here's exactly what I mean. In your esmtpd-ssl, imapd-ssl, or
pop3-ssl configuration file, set the TLS_DHCERTFILE setting to the file
that has your DH parameters, in PEM format. It can be the same file as
the TLS_CERTFILE.
Thanks for your
Perfect forward secrecy (PFS) is a property of the key-agreement
protocol that ensures that a session key derived from a set of long-term
public and private keys will not be compromised if one of the
(long-term) private keys is compromised in the future
(Source:
Gerald Hopf writes:
Perfect forward secrecy (PFS) is a property of the key-agreement
protocol that ensures that a session key derived from a set of long-term
public and private keys will not be compromised if one of the
(long-term) private keys is compromised in the future
(Source: