Parameter 'key_sizes' has been added to the config

2025-05-19 21:54:42 +02:00
parent 80034ba0e7
commit f2676498cd
2 changed files with 34 additions and 8 deletions
--- a/edh-keygen.conf
+++ b/edh-keygen.conf
@@ -5,14 +5,31 @@
 #
 #   tls_tmp_path     - Temporary folder for DH key generation
 #   tls_private_path - Folder where DH keys are stored permanently
+#   key_sizes        - (Optional) Space-separated list of DH key sizes to generate.
 #
 # If omitted, the following defaults are used:
 #   tls_tmp_path=/etc/pki/tls/tmp
 #   tls_private_path=/etc/pki/tls/private/
 #
+# key_sizes usage:
+#   You can define a global list of Diffie-Hellman key sizes to generate by
+#   setting the 'key_sizes' parameter at the top of this file. This allows you
+#   to explicitly control which DH parameter sizes are created, regardless of
+#   the sizes specified in individual service lines.
+#
+#   Example:
+#     key_sizes=2048 4096
+#
+#   - This will instruct the script to generate DH parameters for 2048
+#     and 4096 bits.
+#   - If 'key_sizes' is not set, the script will automatically extract all key
+#     sizes used in the service definitions and generate those.
+#   - Use a space-separated list for multiple sizes.
+#
 # Example:
 #   tls_tmp_path=/etc/pki/tls/tmp
 #   tls_private_path=/etc/pki/tls/private/
+#   key_sizes=2048 4096
 #
 # -----------------------------------------------------------------------------
 #
@@ -57,6 +74,7 @@
 # Global settings
 #tls_tmp_path=/etc/pki/tls/tmp
 #tls_private_path=/etc/pki/tls/private/
+#key_sizes=2048 4096

 # Service lines
 #dovecot:root