change to dhparam to use the -dsaparam flag. faster, same level of security. also hides the output

Bill Cromie 2016-12-05 14:47:04 -05:00
parent 61105b1ec3
commit d36416e2fc
1 changed files with 5 additions and 2 deletions

@ -93,6 +93,9 @@ fi
# Generate some Diffie-Hellman cipher bits. # Generate some Diffie-Hellman cipher bits.
# openssl's default bit length for this is 1024 bits, but we'll create # openssl's default bit length for this is 1024 bits, but we'll create
# 2048 bits of bits per the latest recommendations. # 2048 bits of bits per the latest recommendations.
# use -dsaparam, as it's just as secure, but waaay faster
# http://security.stackexchange.com/questions/95178/diffie-hellman-parameters-still-calculating-after-24-hours
if [ ! -f $STORAGE_ROOT/ssl/dh2048.pem ]; then if [ ! -f $STORAGE_ROOT/ssl/dh2048.pem ]; then
openssl dhparam -out $STORAGE_ROOT/ssl/dh2048.pem 2048 hide_output \
openssl dhparam -dsaparam -out $STORAGE_ROOT/ssl/dh2048.pem 2048
fi fi
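
Review bot: The added comment "use -dsaparam, as it's just as secure, but waaay faster" states the security claim without the condition it depends on. With `-dsaparam`, openssl generates DSA-style parameters instead of a safe prime, and the OpenSSL dhparam documentation advises creating a fresh DH key for each use with such parameters to avoid small-subgroup attacks. Please say that in the comment and confirm that every service reading dh2048.pem generates a new DH key per handshake rather than reusing one. Two smaller points: the `[ ! -f ... ]` guard means existing installs keep their old safe-prime file, so hosts will differ in parameter type unless that is documented or the file is regenerated; and `$STORAGE_ROOT/ssl/dh2048.pem` is unquoted in the new `openssl dhparam -dsaparam -out` line, so a storage root containing spaces would break the command.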