diff options
| author | Micah Anderson <micah@leap.se> | 2013-10-03 13:16:43 -0400 |
|---|---|---|
| committer | Micah Anderson <micah@leap.se> | 2013-10-06 17:31:38 -0400 |
| commit | 5d25466e8365577c48df98afdd22d2880b7ef5ce (patch) | |
| tree | dedb80c53d54141d6fa5ac1e1ecc170a27bfbcca | |
| parent | ed694ff4b412c36801e17c93c0ee587da1ebc981 (diff) | |
It turns out postfix's variable for 1024bit DH parameters can actually take a file of arbitrary length (#4012)0.3.0rc3
Neither Postfix nor OpenSSL actually care about the size of the prime in
"smtpd_tls_dh1024_param_file". You can make it 2048 bits
Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx/tls.pp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/tls.pp index 96cfa911..cff686e5 100644 --- a/puppet/modules/site_postfix/manifests/mx/tls.pp +++ b/puppet/modules/site_postfix/manifests/mx/tls.pp @@ -29,8 +29,8 @@ class site_postfix::mx::tls { # parameters Neither Postfix nor OpenSSL actually care about the size of the # prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits - exec { 'certtool-postfix-gendh-1024': - command => 'certtool --generate-dh-params --bits=2048 --outfile=/etc/postfix/smtpd_tls_dh_param.pem', + exec { 'certtool-postfix-gendh': + command => 'certtool --generate-dh-params --bits 2048 --outfile /etc/postfix/smtpd_tls_dh_param.pem', user => root, group => root, creates => '/etc/postfix/smtpd_tls_dh_param.pem', @@ -43,7 +43,7 @@ class site_postfix::mx::tls { owner => root, group => root, mode => '0600', - require => Exec['certtool-postfix-gendh-1024']; + require => Exec['certtool-postfix-gendh']; } postfix::config { 'smtpd_tls_dh1024_param_file': |