I'm really sorry I haven't been able to get to spamdyke issues lately, let me
see if I can catch up...
I'll update the docs, thanks for the tip!
As for how the key size of the DH key relates to well, anything at all, I
honestly have no idea. The OpenSSL documentation is extremely frustrating t
That should no doubt work, but it doesn't appear to be ideal for current
use. While I think BC is referring to signed certs, what we're referring
to here is the key exchange portion of the ciphers used with SSL. My
(somewhat limited) understanding is that they use related technology,
but their
Eric,
At the moment I use the same file the "normal" qmail installation uses.
spamdyke.conf:
tls-dhparams-file=/var/qmail/control/dh1024.pem
2014-03-28 20:08 GMT+01:00 Eric Shubert :
> On 02/05/2014 06:34 AM, Marc Gregel wrote:
> > Just for the records:
> > With Version 5.0.0 and the new option
On 3/28/2014 12:47 PM, Eric Shubert wrote:
I'm also wondering, should 2048 and 4096 key lengths also be included?
As of January 1, 2014 key lengths of 1024 are not to be allowed for
new installations going forward. Newly issued certs have to be for a
minimum of 2048 bit keys.
On 02/05/2014 06:34 AM, Marc Gregel wrote:
> Just for the records:
> With Version 5.0.0 and the new option "tls-dhparams-file" everything
> works great, TLS uses the strong cipher suites now!
> Thank you :-)
Marc,
What key length are you using in your dhparams file?
--
-Eric 'shubes'
I posted that just a *little* too early. Here is the answer to my previous
questions:
http://openssl.6102.n7.nabble.com/Size-of-ephemeral-DH-keys-td15181.html
Sam, the post scripts still apply.
On 03/28/2014 11:47 AM, Eric Shubert wrote:
> P.S. Sam, the documentation refers to "openssl dhparams". S
Marc (& Sam),
Would you please elaborate a little on this? I'm trying to straighten
things up on QMail-Toaster and could use a little help. I'm far from an
openssl expert, but I'm learning. ;)
The qmail TLS patch that's presently in place (Frederik Vermeulen -
qmail-tls 20060104 http://inoa.ne
Just for the records:
With Version 5.0.0 and the new option "tls-dhparams-file" everything works
great, TLS uses the strong cipher suites now!
Thank you :-)
2013-09-10 Marc Gregel :
> Looking forward to the Update :-)
>
>
> 2013/9/10 Sam Clippinger
>
>> I think you're exactly right -- I'll need
I think you're exactly right -- I'll need to add another TLS option to spamdyke
to accept the DH parameters and pass them to OpenSSL with the callback. I'll
have to figure out how to test it as well...
Thanks for finding that link, I don't think I would have even looked at a
function with "tmp
Looking forward to the Update :-)
2013/9/10 Sam Clippinger
> I think you're exactly right -- I'll need to add another TLS option to
> spamdyke to accept the DH parameters and pass them to OpenSSL with the
> callback. I'll have to figure out how to test it as well...
>
> Thanks for finding that
Hi Sam,
Is it possible that the problem is because of missing "dh keys"?
I think (!) spamdyke doesn't use or call something like this here:
http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html - read the
'notes' part
so cipher with EDHE:DE won't work.
My server/openssl is fine because t
Hmmm... I think you may be beyond the edge of my expertise, but I'll certainly
try to help if I can. spamdyke uses the OpenSSL library to handle SSL and TLS,
so anything that works with OpenSSL on the command line should work with
spamdyke as well. The option "tls-cipher-list" serves the same
Hi :-)
These days where the NSA is watching us I decided to make my server as
secure as possible.
For qmail it means to use TLS with strong encryption - openssl with
"-ciphers "EDHS:DE" for example.
The original QMAIL without spamdyke works fine:
openssl s_client -starttls smtp -connect localhos