[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: how to tell client to use ssf=256 instead of ssf=128

--On Monday, October 08, 2012 11:46 AM -0700 Philip Guenther <guenther+ldaptech@sendmail.com> wrote:

On Mon, 8 Oct 2012, Quanah Gibson-Mount wrote:
--On Monday, October 08, 2012 7:42 PM +0200 Tobias Hachmer
<lists@kokelnet.de> wrote:
> 1. Why is the client connecting with ssf=128?

Because its cert key is 128 bits.

I don't believe that to be the case.  For RSA, keys generally *start* at
512 bits and go up from there, with 2048 considered a bare minimum by
many  now.  I'm not sure what length you would therefore be referring to
for a  "cert key" of 128 bits.

Hm, I swear when I played with this several years ago, going from 1024 bits to 2048 bits changed my ssf from 128 to 256. But it has been a long time. ;)



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration