fripost-ansible/roles/common/files/usr/local/bin, branch master

Send internal system mails to root@f.o.

2025-09-10T13:14:45+00:00

Instead of admin@f.o. Per msgid=.

LDAP: Rotate soon-to-be expired key material.

2024-09-08T18:54:00+00:00

Also, switch from rsa4096 to ed25519 and use a separate key for each
syncrepl.

DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.

2018-12-05T15:24:12+00:00

While the combination of "s=" tag (selector) & "d=" tag signing domain
maps to a unique key, the selector alone doesn't necessarily.

IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.

2016-05-24T15:12:10+00:00

There is no need to bother with X.509 cruft here.

genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH parameters.

2016-05-22T15:53:59+00:00

Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.

2016-05-18T15:55:44+00:00

Ideally we we should also increase the Diffie-Hellman group size from
2048-bit to 3072-bit, as per ENISA 2014 report.

    https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014

But we postpone that for now until we are reasonably certain that older
client won't be left out.

typo

2015-12-04T03:20:17+00:00

genkeypair: use install(1) for atomic file creation with permission mode.

2015-10-28T17:42:15+00:00

genkeypair.sh: Merge privkey and pubkey for identical filekeys.

2015-06-07T00:54:14+00:00

Also, set ‘subjectKeyIdentifier = hash’ in the CSR.

logjam mitigation.

2015-06-07T00:53:52+00:00