From b639105b814f61d96f43e68710c26354cce495ed Mon Sep 17 00:00:00 2001 From: Jan Kratochvil Date: Oct 31 2020 12:00:44 +0000 Subject: F-33 release notes: CentOS-7 Dovecot key update --- diff --git a/modules/release-notes/pages/sysadmin/Security.adoc b/modules/release-notes/pages/sysadmin/Security.adoc index 1459d25..77787a4 100644 --- a/modules/release-notes/pages/sysadmin/Security.adoc +++ b/modules/release-notes/pages/sysadmin/Security.adoc @@ -42,6 +42,14 @@ If you want to communicate with legacy systems, you may: PubkeyAcceptedKeyTypes ssh-rsa ---- +* For RHEL-7/CentOS-7 Dovecot set in /etc/pki/dovecot/dovecot-openssl.cnf: + +[source,shell] +---- +[ req ] +default_bits = 2048 +---- + * The most secure method is to use Elliptic Curve Digital Signature Algorithm (ECDSA) to generate new ssh keys, as the methods above override Fedora 33 new crypto polices rendering your system vulnerable.
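Review bot: The added Dovecot bullet stops at setting `default_bits = 2048` under `[ req ]`, but that value is only read when a new key is generated. The key and certificate already in use on the RHEL-7/CentOS-7 server are unchanged by the edit, so the bullet should also say that they have to be regenerated after the file is changed. Two smaller points in the same added lines: the block is tagged `[source,shell]` although its content is an OpenSSL configuration fragment, not shell; and the bullet is inserted above the context line "as the methods above override Fedora 33 new crypto polices", which now reads as if the Dovecot setting also weakens the Fedora 33 system, whereas it is applied on the legacy server. Consider moving the bullet below that sentence, or wording it so it is clear that it is a server-side change.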