1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
Very Important:
Do NOT set the data_buffer_size variable in the config to the same or
larger than your TCP buffer size, it will make the CPU usage go up
and the performance down with a magnitude of atleast 10.
To see your TCP buffer sizes on BSD systems use:
sysctl net.inet.tcp.recvspace
sysctl net.inet.tcp.sendspace
---
VERY IMPORTANT:
If TLS negotiation fails with clients, this could be one of the following reasons:
* Your client does NOT support 1024 bit encryption
-> try editing wzd_tls.cnf and set default_bits = 512
---
To create a RSA key and cerificate use:
openssl req -new -x509 -days 365 -nodes -config wzd_tls.cnf -out \
wzd.pem -keyout wzd.pem
then specify this file with the tls_certificate option in wzd.cfg
---
If your system lacks /dev/urandom, do NOT link a possibly existing
/dev/random but instead use a entropy gathering daemon like PRNGD (PRNGD
is never drained and can never block (unlike the original EGD or
/dev/random)). PRNGD can be found on:
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
|
