Package: courier-ssl
Version: 0.73.1-1.6
Severity: normal

Dear Maintainer,

according to the mkdhparams man page:

    ENVIRONMENT VARIABLES
        BITS  Customize the DH parameter bit size. The default value
              depends on whether this script uses OpenSSL or GnuTLS
              libraries. For OpenSSL the default number of bits is 768.
              GnuTLS uses a security level setting, rather than the
              number of bits, and the default security level is "high".

However, if I run

    export BITS=2048 # also tried 1024 as the value
    rm /etc/courier/dhparms.pem
    mkdhparams

I still get a 768 bit key. Which causes problems because some versions of
OpenSSL will refuse to deliver mail via SSL/STARTTLS if the smtp server
uses a DH key less than 1024.

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages courier-ssl depends on:
ii  courier-base           0.73.1-1.6
ii  debconf [debconf-2.0]  1.5.56
ii  libc6                  2.19-18+deb8u4
ii  libssl1.0.0            1.0.1t-1+deb8u2
ii  openssl                1.0.1t-1+deb8u2

courier-ssl recommends no packages.

courier-ssl suggests no packages.

-- debconf information:
* courier-ssl/certnotice: