When there is a dhparam in the certificate file, does postfix use it? I believe that haproxy does, which is where I got the idea to include a custom dhparam with every certificate.
Thanks, Shawn
Each time I renew my certificate, I generate a new 4096 bit dhparam
value and append it to the certificate file that I use with all my
TLS-capable software. The pem-formatted certificate file contains 4
things: The server cert, the letsencrypt issuing cert, the private key,
and that newly generated dhparam. Because of the private key, I set
0600 permissions on the file.
- Custom dhparam Shawn Heisey
- Re: Custom dhparam Viktor Dukhovni
