nanotek:
> Still, might be a good time to create my own CA and upgrade to 4096 bit
> keys/certificates using SHA512 algorithms and make use of some
> Diffie-Hellman ephemeral elliptic curve parameters for perfect forward
> secrecy. I've read http://www.postfix.org/TLS_README.html -- Postfix
> documentation is exceptional by the way -- are there any guides for DHE?
There is a work-in-progress document on forward secrecy that covers
both EDH and EECDH. It shows how to configure things (the defaults
should be sufficient for many applications) and what you can expect
to see in logging and message headers.
http://www.postfix.org/FORWARD_SECRECY_README.html
I am still fixing it for clarity, but it should be accurate. Feedback
is welcome.
Wietse
