On 17/09/15 21:18, Jason L Tibbitts III wrote:
>>>>> "DP" == Daniel Pocock
<daniel(a)pocock.pro> writes:
DP> For reSIProcate 1.10.0, we will support PFS on TLS connections, this
DP> requires a DH parameters file to be generated on each installation
DP> of the package.
I do not know what that program is or does, but if it's a daemon then it
is better to do such things as part of the daemon invocation. There is
a whole guideline on doing that at
https://fedoraproject.org/wiki/Packaging:Initial_Service_Setup
On the other hand, if it's not a daemon it might be easier to create
these things the first time the program is started, unless it's expected
to be run by users in which case I guess the scriptlet is going to be
your best bet.
Thanks for the feedback
Creating the DH parameters is slow (it takes several seconds) so it is
probably not something that can be done on every startup.
You can see what I mean by executing this command:
$ time openssl dhparam -outform PEM -out /tmp/dh2048.pem 2048