On Fri, 19 Sep 2014 18:50:51 -0400 Sam Varshavchik <mr...@courier-mta.com> wrote:
> The certificate file is getting rejected by the OpenSSL library.
> That's where this error is coming from.

I now found out what is wrong. It seems courier now needs dh params either in the pem file or separately via TLS_DHPARAMS. We didn't have them in our config yet.

However, while looking at this I found something worrying: It seems the mkdhparams script defaults to 768 bit and the mkesmtpd script defaults to 512 bit DH params. That's completely and utterly insecure. It's insecure in a way that this is practically breakable on a normal home PC these days.

I'd strongly advise to raise these defaults to 2048, which is a reasonable value these days.

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
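
Added example (not part of the original message and not Courier's own code): a check for the two conditions raised above. It reads a PEM file, looks for a "DH PARAMETERS" block in the PKCS#3 format written by openssl dhparam, and reports whether parameters are missing, below 2048 bits, or acceptable. The function names and the sample files built by _make_pem are assumptions for illustration; the sample p is a constructed odd number of the stated size, not a real prime.

```python
import base64
import re

MIN_BITS = 2048  # floor recommended in the message above
DH_BLOCK = re.compile(
    r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)

def _read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of p for each DH PARAMETERS block found in pem_text."""
    sizes = []
    for body in DH_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        tag, seq, _ = _read_tlv(der, 0)      # DHParameter ::= SEQUENCE {
        if tag != 0x30:
            raise ValueError("expected SEQUENCE")
        tag, p, _ = _read_tlv(seq, 0)        #   prime INTEGER, base INTEGER }
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        sizes.append(int.from_bytes(p, "big").bit_length())
    return sizes

def audit(pem_text):
    """'missing' if no DH block, 'weak' if any p < MIN_BITS, else 'ok'."""
    sizes = dh_prime_bits(pem_text)
    if not sizes:
        return "missing"
    return "weak" if min(sizes) < MIN_BITS else "ok"

def _make_pem(bits):
    """Constructed sample input: p has the given size but is NOT a real prime."""
    def der_len(n):
        if n < 0x80:
            return bytes([n])
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([0x80 | len(raw)]) + raw
    def der_int(v):  # extra leading byte keeps the INTEGER positive
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return b"\x02" + der_len(len(raw)) + raw
    body = der_int((1 << (bits - 1)) | 1) + der_int(2)
    der = b"\x30" + der_len(len(body)) + body
    return ("-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(der).decode()
            + "-----END DH PARAMETERS-----\n")
```

Calling audit() on the text of the certificate PEM file, or of the file named by TLS_DHPARAMS, returns "missing", "weak" or "ok".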