summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2013-10-03 13:16:43 -0400
committerMicah Anderson <micah@leap.se>2013-10-06 17:31:38 -0400
commit5d25466e8365577c48df98afdd22d2880b7ef5ce (patch)
treededb80c53d54141d6fa5ac1e1ecc170a27bfbcca
parented694ff4b412c36801e17c93c0ee587da1ebc981 (diff)
It turns out postfix's variable for 1024bit DH parameters can actually take a file of arbitrary length (#4012)0.3.0rc3
Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
-rw-r--r--puppet/modules/site_postfix/manifests/mx/tls.pp6
1 files changed, 3 insertions, 3 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/tls.pp
index 96cfa911..cff686e5 100644
--- a/puppet/modules/site_postfix/manifests/mx/tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/tls.pp
@@ -29,8 +29,8 @@ class site_postfix::mx::tls {
# parameters Neither Postfix nor OpenSSL actually care about the size of the
# prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits
- exec { 'certtool-postfix-gendh-1024':
- command => 'certtool --generate-dh-params --bits=2048 --outfile=/etc/postfix/smtpd_tls_dh_param.pem',
+ exec { 'certtool-postfix-gendh':
+ command => 'certtool --generate-dh-params --bits 2048 --outfile /etc/postfix/smtpd_tls_dh_param.pem',
user => root,
group => root,
creates => '/etc/postfix/smtpd_tls_dh_param.pem',
@@ -43,7 +43,7 @@ class site_postfix::mx::tls {
owner => root,
group => root,
mode => '0600',
- require => Exec['certtool-postfix-gendh-1024'];
+ require => Exec['certtool-postfix-gendh'];
}
postfix::config { 'smtpd_tls_dh1024_param_file':