From 15df203d5f962bab3cca355714dbe6748338dd84 Mon Sep 17 00:00:00 2001 From: Christoph Date: Tue, 16 May 2017 17:28:31 +0200 Subject: [PATCH] openssl parameter 'gendh' is deprecated. Using 'dhparam' instead. --- install_postfix_base.sh | 10 +++++----- install_postfix_relay.sh | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/install_postfix_base.sh b/install_postfix_base.sh index 557a58a..b1896af 100755 --- a/install_postfix_base.sh +++ b/install_postfix_base.sh @@ -671,7 +671,7 @@ smtpd_tls_key_file = $_TLS_KEY_FILE ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - ## - Dont't forget to create it, e.g with openssl: -## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 +## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 ## - #smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem ## - also possible to use 2048 key with that parameter @@ -681,7 +681,7 @@ smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - ## - Dont't forget to create it, e.g with openssl: -## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 +## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 ## - smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem @@ -871,7 +871,7 @@ fi ## - echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\"" if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 + openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else @@ -882,7 +882,7 @@ else fi echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\"" if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 + openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else @@ -893,7 +893,7 @@ else fi echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\"" if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then - openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 + openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else diff --git a/install_postfix_relay.sh b/install_postfix_relay.sh index b35832e..cafe72e 100755 --- a/install_postfix_relay.sh +++ b/install_postfix_relay.sh @@ -601,7 +601,7 @@ smtpd_tls_key_file = $_TLS_KEY_FILE ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - ## - Dont't forget to create it, e.g with openssl: -## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 +## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 ## - #smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem ## - also possible to use 2048 key with that parameter @@ -611,7 +611,7 @@ smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - ## - Dont't forget to create it, e.g with openssl: -## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 +## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 ## - smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem @@ -926,7 +926,7 @@ fi ## - echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\"" if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 + openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else @@ -937,7 +937,7 @@ else fi echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\"" if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 + openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else @@ -948,7 +948,7 @@ else fi echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\"" if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then - openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 + openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else