[Exim] Suggestion for default timespan for deleting gnutls-p…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Andreas Metzler
Data:  
Para: exim-users
Asunto: [Exim] Suggestion for default timespan for deleting gnutls-params?
Hello,

spec.txt says:
GnuTLS uses RSA and D-H parameters that take a substantial amount of
time to compute. It is unreasonable to recompute them for every
TLS session. Therefore, Exim keeps this data in a file in its spool
directory, called `gnutls-params'. The file is owned by the Exim user
and is readable only by its owner.
[...]
For maximum security, the parameters that are stored in this file
should be recalculated periodically, the frequency depending on your
paranoia level.

However I wonder what people would consider a reasonable default value
for a binary distribution of exim4 - once a day, weekly, every other
hour?
              cu andreas