On January 12, 2022 4:22:00 PM AKST, Joseph Tam wrote:
>
> - perfect forward secrecy: the disclosure of a private
> key will not compromise past traffic. This is probably the
> more compelling reason.
>
As to ECC vs. the "old fashioned" RSA paradigm based on the difficulty of
> On 13/01/2022 03:22 Joseph Tam wrote:
>
>
> dove...@ptld.com writes:
>
> > Is Diffie-Hellman needed on a modern new dovecot setup?
>
> Needed? Strictly speaking, probably not. Most clients will fall back to
> RSA, although some security hardened
dove...@ptld.com writes:
Is Diffie-Hellman needed on a modern new dovecot setup?
Needed? Strictly speaking, probably not. Most clients will fall back to RSA,
although some security hardened clients might refuse if you don't have non-RSA ciphers.
However I see Diffie-Hellman re
> On 10/01/2022 18:12 dove...@ptld.com wrote:
>
>
> And follow up question;
>
> The docs say you are encouraged to disable non-ECC DH algorithms completely.
> However I didn't see anything on that same page explaining how to go about
> doing that.
>
> Can someone point me to something expla
I want better explanations of the maths.
If RSA and DSA algorithms based on standard arithmetic exponentiation modulo
the product of two large primes are "deprecated" -- that means that there have
been or are expected to be major mathematical and algorithmic advances in
factoring large integers
And follow up question;
The docs say you are encouraged to disable non-ECC DH algorithms completely.
However I didn't see anything on that same page explaining how to go about
doing that.
Can someone point me to something explaining what that means and how to go
about doing it?
Is Diffie-Hellman needed on a modern new dovecot setup?
ssl_dh is empty by default.
Both ssl_cert and ssl_key on my setup are pointing to Let's Encrypt certs.
However I see Diffie-Hellman related warnings in logs:
dovecot[1073]: imap-login: Error: Diffie-Hellman key exchange requested, b