install/postfix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

openssl parameter 'gendh' is deprecated. Using 'dhparam' instead.

Browse Source
This commit is contained in:
Christoph 2017-05-16 17:28:31 +02:00
parent 4501c38aa7
commit 15df203d5f
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
install_postfix_base.sh
View File

@ -671,7 +671,7 @@ smtpd_tls_key_file = $_TLS_KEY_FILE
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## - ## -
## - Dont't forget to create it, e.g with openssl: ## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 ## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
## - ## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem #smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter ## - also possible to use 2048 key with that parameter
@ -681,7 +681,7 @@ smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## - ## -
## - Dont't forget to create it, e.g with openssl: ## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 ## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
## - ## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
@ -871,7 +871,7 @@ fi
## - ## -
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\"" echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -882,7 +882,7 @@ else
fi fi
echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\"" echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -893,7 +893,7 @@ else
fi fi
echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\"" echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else

10
install_postfix_relay.sh
View File

@ -601,7 +601,7 @@ smtpd_tls_key_file = $_TLS_KEY_FILE
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## - ## -
## - Dont't forget to create it, e.g with openssl: ## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 ## - openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
## - ## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem #smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter ## - also possible to use 2048 key with that parameter
@ -611,7 +611,7 @@ smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. ## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## - ## -
## - Dont't forget to create it, e.g with openssl: ## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 ## - openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
## - ## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
@ -926,7 +926,7 @@ fi
## - ## -
echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\"" echononl " Generate DH key length=512 \"/etc/postfix/ssl/dh_512.pem\""
if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then if [ ! -f /etc/postfix/ssl/dh_512.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -937,7 +937,7 @@ else
fi fi
echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\"" echononl " Generate DH key length=1024 \"/etc/postfix/ssl/dh_1024.pem\""
if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then if [ ! -f /etc/postfix/ssl/dh_1024.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -948,7 +948,7 @@ else
fi fi
echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\"" echononl " Generate DH key length=2048 \"/etc/postfix/ssl/dh_2048.pem\""
if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then if [ ! -f /etc/postfix/ssl/dh_2048.pem ]; then
openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1 openssl dhparam -out /etc/postfix/ssl/dh_2048.pem -2 2048 > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else