[Exim] Suggestion for default timespan for deleting gnutls-p…

Author: Andreas Metzler
Date:  
To: exim-users
Subject: [Exim] Suggestion for default timespan for deleting gnutls-params?
Hello,

spec.txt says:
GnuTLS uses RSA and D-H parameters that take a substantial amount of
time to compute. It is unreasonable to recompute them for every
TLS session. Therefore, Exim keeps this data in a file in its spool
directory, called `gnutls-params'. The file is owned by the Exim user
and is readable only by its owner.
[...]
For maximum security, the parameters that are stored in this file
should be recalculated periodically, the frequency depending on your
paranoia level.

However, I wonder what people would consider a reasonable default value
for a binary distribution of exim4 - once a day, weekly, every other
hour?
              cu andreas