PFS with snakeoil works. Trying it out here https://snakeoil.cf
Using Apache 2.4 on a server running Jessie, it looks reasonable using just the default ciphers of SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5. Open to tweaking SSLCipherSuite. Now trying pfs for Postfix, will this email actually use it? On Fri, 2013-09-13 at 08:01 +0200, Eugen Leitl wrote: > On Thu, Sep 12, 2013 at 04:44:31PM +0100, Keith wrote: > > With a CA on each freedombox there need not be a requirement for a > > server. > > > > If my understanding of Tor is right, it is designed for anonymity, not > > encryption, should not need a CA for this. > > Can you get PFS with snakeoil (I presume these are generated during > the installation, is there at all enough entropy at that time so > this is safe?) certs? > > Postfix and dovecot in newer versions can do PFS: > http://www.heinlein-support.de/blog/security/perfect-forward-secrecy-pfs-fur-postfix-und-dovecot/ > _______________________________________________ > Freedombox-discuss mailing list > [email protected] > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
