Re: [courier-users] problems with esmtpd / cert / pem reading after update to latest snapshot ("no
Brought to you by:
mrsam
From: Hanno B. <ha...@hb...> - 2014-09-20 09:56:49
|
On Fri, 19 Sep 2014 20:56:26 -0400 Sam Varshavchik <mr...@co...> wrote: > I just ran a test, and on a medium-powered server, it took 2 minutes > to generate a 2048-bit parameter. That's not too bad, I suppose. A > new install will have to generate that the first time the server gets > started, and things will pretty much come to a halt, until that's > done and over with. Will have to make that prominent, somewhere… If you're worried about generation time: DH parameters are neither secret nor is there a problem in sharing the same parameters amongst several hosts. From a cryptographic perspective there wouldn't be a problem in pre-generating one set of DH params and shipping them as the default with all courier installations. Btw, is there currently a way of using ECDH-ciphersuites with courier? -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hb... GPG: BBB51E42 |