> On 22 June 2018 at 10:18 ta...@vfemail.net wrote:
>
>
> hi sorry if question was asked already. Was reading
> https://wiki2.dovecot.org/Upgrading/2.3
>
> first I'm confused on diffie hellman parameters file. I never set up
> ssl-parameters.dat before (should i have? do I have one that was
> automatically made for me by dovecot?)
>
> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
> ssl-parameters.dat but how to make a new one?
>

2.2 makes the ssl-parameters.dat automatically. You can choose to either use that with the instructions given, or you can make a fresh one using

openssl gendh 4096 > dh.pem

Note that this will require quite a lot of entropy, so you should probably ensure that you run it on a laptop or with a virtual machine that has some entropy source/helper.

> other question is if I copy ssl_min_protocol from example config into
> my existing config is that enough? do experts on this list recommend
> any tweaks that increase client requirements more than dovecot
> developers are comfortable with but will ensure more secure protocol
> usage?
>

ssl_min_protocols defines the minimum TLS protocol the server supports. We recommend TLSv1, but if you want, you can experiment with TLSv1.2, which will decrease client compatibility a bit.

Aki
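
Added example, not part of the original message or Dovecot's own code: a small pre-upgrade check for the two settings discussed above, the DH parameter file (loaded through `ssl_dh`) and the `ssl_min_protocol` floor. The sample configs, finding codes, protocol ordering and the `policy_min` default are assumptions made for illustration; `policy_min` is a site choice.

```python
import re

# Assumed ordering of ssl_min_protocol values, weakest first.
TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
SETTING = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")

# Constructed sample configs (not from the thread): 2.2-style, then 2.3-style.
OLD_CONF = "ssl = required\nssl_protocols = !SSLv3  # 2.2-era setting\n"
NEW_CONF = "ssl = required\nssl_dh = </etc/dovecot/dh.pem\nssl_min_protocol = TLSv1.2\n"

def parse_settings(conf_text):
    """Collect 'key = value' lines; comments dropped, section nesting ignored."""
    settings = {}
    for line in conf_text.splitlines():
        m = SETTING.match(line.split("#", 1)[0])
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(conf_text, policy_min="TLSv1.2"):
    """Return (code, message) findings for a config headed to Dovecot 2.3."""
    s, findings = parse_settings(conf_text), []
    dh = s.get("ssl_dh")
    if dh is None:
        findings.append(("DH_MISSING", "set ssl_dh = </path/to/dh.pem (converted or fresh)"))
    elif not dh.startswith("<"):
        findings.append(("DH_NOT_FILE", "ssl_dh needs a leading '<' to read the file"))
    if "ssl_protocols" in s:
        findings.append(("OLD_PROTOCOLS", "ssl_protocols is the 2.2 setting; use ssl_min_protocol"))
    minp = s.get("ssl_min_protocol")
    if minp is None:
        findings.append(("MIN_UNSET", "ssl_min_protocol unset; the built-in default applies"))
    elif minp not in TLS_ORDER:
        findings.append(("MIN_UNKNOWN", f"unrecognised ssl_min_protocol {minp!r}"))
    elif TLS_ORDER.index(minp) < TLS_ORDER.index(policy_min):
        findings.append(("MIN_BELOW_POLICY", f"{minp} is below site policy {policy_min}"))
    return findings

if __name__ == "__main__":
    for name, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        for code, msg in audit(conf) or [("OK", "no findings")]:
            print(f"{name}: {code}: {msg}")
```

Settings overridden inside nested blocks are not evaluated by this sketch; it reads top-level `key = value` lines only.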