mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-08-29 14:28:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

remove: Diffie-Hellman parameters for Postfix & Dovecot

Browse source 
This patch removes all custom DH parameters from DMS.

The documentation update is NOT included in this patch yet.

ref: #4538

Signed-off-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
This commit is contained in:
Georg Lauterbach 2025-08-17 12:28:33 +02:00
parent c1da4265d3
commit 8dc74bb1e8
No known key found for this signature in database
GPG key ID: D84CD4AA46D7F099
11 changed files with 2 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/content/config/security/ssl.md
View file

@ -908,6 +908,8 @@ fi
## Custom DH Parameters
TODO
By default DMS uses [`ffdhe4096`][ffdhe4096-src] from [IETF RFC 7919][ietf::rfc::ffdhe]. These are standardized pre-defined DH groups and the only available DH groups for TLS 1.3. It is [discouraged to generate your own DH parameters][dh-avoid-selfgenerated] as it is often less secure.
Despite this, if you must use non-standard DH parameters or you would like to swap `ffdhe4096` for a different group (eg `ffdhe2048`); Add your own PEM encoded DH params file via a volume to `/tmp/docker-mailserver/dhparams.pem`. This will replace DH params for both Dovecot and Postfix services during container startup.