[BlueOnyx:16474] Re: Blackberrys, dovecot, IMAP and TLS
Michael Stauber
mstauber at blueonyx.it
Mon Nov 17 17:41:02 -05 2014
Hi Darren,
Many thanks for your very detailed writeup. Much appreciated!
> # DH parameters length to use.
> ssl_dh_parameters_length = 2048
>
> This is a new option added to dovecot from the previous we had in 5107r
Yeah, this was added in the new Dovecot.
> Reviewing the Blackberry documentation suggested that this
> should work as they support values from 512 to 4096 but it
> does not. We changed it back to its default value of 1024
> and it worked.
Outch. That is pretty sad. Because 1024 bit Diffie-Hellman does not
contain enough entropy and diversity. The lowest recommended setting is
2048, so that's the default that I set for BlueOnyx and I'm actually
considering to bump it to 4096 in the future.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list