/etc/dovecot/dh.pem

wattie

Verified User
Joined
May 31, 2008
Messages
1,001
Location
Bulgaria
The /etc/dovecot/dh.pem is generated as 1024 bit. Security scanners are complaining that it's insecure.

Is it safe to make it higher (let say 4096) with
Code:
openssl dhparam 4096 > dh.pem
?
 
Last edited:

ikkeben

Verified User
Joined
May 22, 2014
Messages
651
Location
Netherlands Germany
Ah you read , prettige feestdagen. ;)

Take care of warning :# This might take a very long time. Run it on a machine with sufficient entropy.

I'm waiting for this answer to!

As for the others in that topic http://forum.directadmin.com/showthread.php?t=56602&page=2&p=293050#post293050

I PM you another testsite that is even more strict for pci and other compliance, very hard with a normal directadmin box and still communicating with the world to gat the 100% there
 

wattie

Verified User
Joined
May 31, 2008
Messages
1,001
Location
Bulgaria
I did it - it took few minutes (8-core Xeon machine). Replaced the file and... seems to be working fine.
 
Top