Author: Lena Date: To: exim-users Subject: Re: [exim] Exim TLS security, DH and standard parameters
> From: Phil Pennock
> Short version: used to be utterly horrible for OpenSSL users; got
> better, but we now believe not as much better as we'd hoped; we now
> believe that for GnuTLS users, things got a little worse instead of
> being a no-op. In the next version of Exim (4.88) it's better still by
> default, but manually generating a file for your `tls_dhparam` setting
> avoids the issue, always has, and is the best way forward.
Am I understanding you correctly? That you recommend every
Exim admin using OpenSSL to specify in the beginning of Exim config
tls_dhparam = /path/dhparam.pem
where the file should be generated once with commands