On 17/09/15 21:18, Jason L Tibbitts III wrote: >>>>>> "DP" == Daniel Pocock <daniel@xxxxxxxxxx> writes: > > DP> For reSIProcate 1.10.0, we will support PFS on TLS connections, this > DP> requires a DH parameters file to be generated on each installation > DP> of the package. > > I do not know what that program is or does, but if it's a daemon then it > is better to do such things as part of the daemon invocation. There is > a whole guideline on doing that at > https://fedoraproject.org/wiki/Packaging:Initial_Service_Setup > > On the other hand, if it's not a daemon it might be easier to create > these things the first time the program is started, unless it's expected > to be run by users in which case I guess the scriptlet is going to be > your best bet. > Thanks for the feedback Creating the DH parameters is slow (it takes several seconds) so it is probably not something that can be done on every startup. You can see what I mean by executing this command: $ time openssl dhparam -outform PEM -out /tmp/dh2048.pem 2048 -- packaging mailing list packaging@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/packaging
