- * For RHEL-7/CentOS-7 Dovecot set in /etc/pki/dovecot/dovecot-openssl.cnf:
+ * For Dovecot in RHEL/CentOS up to 7.8 (it is fixed in 7.9) set in /etc/pki/dovecot/dovecot-openssl.cnf:
[source,shell]
----
[ req ]
- default_bits = 2048
+ default_bits = 3072
----
* The most secure method is to use Elliptic Curve Digital Signature Algorithm (ECDSA) to generate new ssh keys, as the methods above override Fedora 33 new crypto polices rendering your system vulnerable.