1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
|
Very Important:
Do NOT set the data_buffer_size variable in the config to the same or
larger than your TCP buffer size, it will make the CPU usage go up
and the performance down with a magnitude of atleast 10.
To see your TCP buffer sizes on BSD systems use:
sysctl net.inet.tcp.recvspace
sysctl net.inet.tcp.sendspace
---
VERY IMPORTANT:
If TLS negotiation fails with clients, this could be one of the following reasons:
* Your client does NOT support 1024 bit encryption
-> try editing wzd_tls.cnf and set default_bits = 512
---
To create a RSA key and cerificate use:
openssl req -new -x509 -days 365 -nodes -config wzd_tls.cnf -out \
wzd.pem -keyout wzd.pem
then specify this file with the tls_certificate option in wzd.cfg
---
If your system lacks /dev/urandom, do NOT link a possibly existing
/dev/random but instead use a entropy gathering daemon like PRNGD (PRNGD
is never drained and can never block (unlike the original EGD or
/dev/random)). PRNGD can be found on:
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
|