hi, I noticed that when using diffie-hellman parameters with smtpd and relayd, there is no need to create a separate dhparam file.
Given how long it takes to generate such file with openssl dhparam -out dh.pem 4096, I can't imagine the ephemeral keys to be generated on the fly. how does it work? Is "pki fqdn dhe auto" enough to enable PFS in smtpd?
