blob: 19412781d21c8a1adac5928b08e4a0a1dc4412c5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<!-- Copyright 2013 Double Precision, Inc. See COPYING for -->
<!-- distribution information. -->
<refentry id="mkdhparams">
<info><author><firstname>Sam</firstname><surname>Varshavchik</surname><contrib>Author</contrib></author><productname>Courier Mail Server</productname></info>
<refmeta>
<refentrytitle>mkdhparams</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>Double Precision, Inc.</refmiscinfo>
</refmeta>
<refnamediv>
<refname>mkdhparams</refname>
<refpurpose>create DH parameter file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis sepchar=" ">
<command>@sbindir@/mkdhparams</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="mkdhparams_description">
<title>DESCRIPTION</title>
<para>
This script creates new DH parameters and saves them in
<filename>@certsdir@/dhparams.pem</filename>. If this file already exists
and it's less than 25 days old, the script returns immediately.
If this file is over 25 days old, new DH parameters get generated and
the file gets replaced.
</para>
<para>
This script is intended to be execute when the system boots, or from
a monthly cron job.
</para>
</refsect1>
<refsect1 id="mkdhparams_files">
<title>FILES</title>
<variablelist>
<varlistentry>
<term>@certsdir@/dhparams.pem</term>
<listitem>
<simpara>
DH Parameter file.
</simpara>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="mkdhparams_environment_variables">
<title>ENVIRONMENT VARIABLES</title>
<variablelist>
<varlistentry>
<term>BITS</term>
<listitem>
<simpara>
Customize the DH parameter bit size. The default value depends on
whether this script uses OpenSSL or GnuTLS libraries. For OpenSSL
the default number of bits is 2048. GnuTLS uses a security level
setting, rather than the number of bits, and the default
security level is "high".
</simpara>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<note>
<para>
It make take several minutes to generate new DH parameters with the
default strength.
</para>
</note>
<refsect1 id="mkdhparams_see_also">
<title>SEE ALSO</title>
<para>
<ulink url="courier.html"><citerefentry><refentrytitle>courier</refentrytitle><manvolnum>8</manvolnum></citerefentry></ulink></para>
</refsect1>
</refentry>
|
