Skynet/misc_nixos-mailserver
7
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Increase default DKIM key bits to 2048

Browse source 
This is the current recommendation in RFC 8301 from early 2018.

Fixes: #333
This commit is contained in:
Martin Weinelt 2025-08-22 22:27:46 +02:00
parent 57d9624c71
commit 2204f55329
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
2 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
default.nix
View file

@ -976,9 +976,9 @@ in
dkimKeyBits = mkOption {
type = types.int;
default = 1024;
default = 2048;
description = ''
How many bits in generated DKIM keys. RFC6376 advises minimum 1024-bit keys.
How many bits in generated DKIM keys. RFC8301 suggests a minimum RSA key length of 2048 bit.
If you have already deployed a key with a different number of bits than specified
here, then you should use a different selector ({option}`mailserver.dkimSelector`). In order to get