[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 11:16:56AM +0300, Ivan Hadzhiev via Postfix-users wrote: > You can copy from here: > *https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem > > * > or you can create it > > *openss

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Viktor Dukhovni via Postfix-users
On Wed, Jul 12, 2023 at 10:09:34AM +0200, Paul Menzel via Postfix-users wrote: > The Internet.nl email test, reports for molgen.mpg.de [1]: Their criteria are cranked up to 11. Do not attempt to get a 100% score from their site. It will be counterproductive (reduce security) by making it diffic

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Paul Menzel via Postfix-users
Dear Ivan, Thank you very much for your reply. Am 12.07.23 um 10:16 schrieb Ivan Hadzhiev: You can copy from here: https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem or you can create it openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096 -out /etc/postfi

[pfx] Re: How to verify that DH key generation parameters from RFC 7919 are used?

2023-07-12 Thread Ivan Hadzhiev via Postfix-users
You can copy from here: *https://github.com/internetstandards/dhe_groups/blob/main/ffdhe4096.pem * or you can create it *openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096 -out /etc/postfix/ffdhe4096.dh.