Parameters for DSA/DH cipher suite V8.11 and later
For Ephemeral Diffie-Hellman encoding, the server first sends either an RSA or a DSA public key. The server then generates, signs, and sends the Diffie-Hellman (DH) parameters and the DH public value.
The DH parameters that are sent are generated or read
from a file. The location of that file is defined
with this DHParameters option:
O DHParameters=param ← configuration file (V8.11 and later) -ODHParameters=param ← command line (V8.11 and later) define(`confDH_PARAMETERS',`param') ← mc configuration (V8.11 and later)
Here, param is one of the
items shown in Table 24-17. Note
that only the first character is examined, so
5 and 512 are equivalent. Also
note that the default is 1024 for the server, and
512 for the client.
Table 24-17. DHParameters parameter items
|
Item |
Meaning |
|---|---|
|
None |
No parameters, so don't use DH. |
|
512 |
Generate 512-bit fixed parameters. |
|
1024 |
Generate 1024-bit fixed parameters. |
|
|
Read the parameters from a file. |
If you list the /path/file item, the file referenced
must live in a safe path, one that is writable only
by root.
If you use an item that is not in the table, one of the following errors will print and be logged, depending on whether sendmail is in the role of a client or server:
STARTTLS=client, error: illegal value 'bad item' for DHParam STARTTLS=server, error: illegal value 'bad item' for DHParam
This option should be defined only if a cipher suite containing DSA/DH is used. Otherwise, ...