automatically generate dh parameter files on the servers
I'm not sure that the dh parameter generation is used anywhere right now, and I do not want to use it for postfix's dh parameters for a couple of reasons:
. because it is more secure to generate different parameters for different programs that will use them . it is more secure to have a different set of parameters for each machine . it is more secure if the parameters aren't shared . it is more secure if they are just generated on the system, and not stored in the provider directory if there is no reason to do so . it is easy to generate these on the fly . for postfix we need two different dh parameter files for different bit sizes, and we are only generating one of an unknown bit size
so I kind of think that this should be removed, unless it is being used for something else and there is a good reason to have a single dh file that is used for multiple things, which I dont think is really a good idea.
(from redmine: created on 2013-09-26, relates #3953 (closed))