On 24/12/2013 1:40 AM, Wietse Venema wrote:

nanotek:
Still, might be a good time to create my own CA and upgrade to 4096 bit
keys/certificates using SHA512 algorithms and make use of some
Diffie-Hellman ephemeral elliptic curve parameters for perfect forward
secrecy. I've read http://www.postfix.org/TLS_README.html -- Postfix
documentation is exceptional by the way -- are there any guides for DHE?

There is a work-in-progress document on forward secrecy that covers
both EDH and EECDH. It shows how to configure things (the defaults
should be sufficient for many applications) and what you can expect
to see in logging and message headers.

http://www.postfix.org/FORWARD_SECRECY_README.html

I am still fixing it for clarity, but it should be accurate. Feedback
is welcome.

Wietse

Thanks, Wietse. Much appreciated. I'll put it to use and let you know if
I encounter any problems.

--
syn.bsdbox.co