possible to disable dh_key/ssl-parameters.dat generation when only using ECDHE ciphers.

Aki Tuomi aki.tuomi at dovecot.fi
Wed May 9 18:06:35 EEST 2018


2.3.1 does not generate them at all and accepts a static file.
---Aki TuomiDovecot oy
-------- Original message --------From: Erik de Waard <erikdewaard at gmail.com> Date: 09/05/2018  17:48  (GMT+02:00) To: dovecot at dovecot.org Subject: possible to disable dh_key/ssl-parameters.dat generation when only using ECDHE ciphers. 
Hi,
I want to disable dh_key/ssl-parameters.dat entirely since i'm only using ECDHE ciphers.

# 2.2.34 (874deae): /etc/dovecot/dovecot.conf# Pigeonhole version 0.4.22 (22940fb7)# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 # Hostname: somehost.comauth_cache_negative_ttl = 0auth_cache_size = 10 Mauth_cache_ttl = 1 daysauth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"default_client_limit = 1500default_vsz_limit = 600 Mdisable_plaintext_auth = noinfo_log_path = /var/log/mail.log.infolisten = *log_timestamp = "%Y-%m-%d %H:%M:%S "mail_debug = yesmail_max_userip_connections = 100mail_privileged_group = mailmmap_disable = yesnamespace inbox {  inbox = yes  location =   mailbox Drafts {    special_use = \Drafts  }  mailbox Junk {    special_use = \Junk  }  mailbox Sent {    special_use = \Sent  }  mailbox "Sent Messages" {    special_use = \Sent  }  mailbox Trash {    special_use = \Trash  }  prefix = INBOX.  separator = .  type = private}passdb {  args = /etc/dovecot/dovecot-sql.conf  driver = sql}plugin {  sieve_execute_bin_dir = /etc/dovecot/sieve-executables  sieve_global_extensions = +vnd.dovecot.execute  sieve_plugins = sieve_extprograms}protocols = imap lmtpservice anvil {  unix_listener anvil-auth-penalty {    mode = 0600  }}service auth {  user = root}service imap-login {  client_limit = 6000  process_limit = 4  process_min_avail = 4  service_count = 0  vsz_limit = 600 M}service imap {  client_limit = 1  process_limit = 1024  service_count = 50}service lmtp {  inet_listener lmtp {    port = 24  }}ssl_cert = </etc/dovecot/dovecot.crtssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256ssl_key =  # hidden, use -P to show itssl_prefer_server_ciphers = yesuserdb {  driver = prefetch}userdb {  args = /etc/dovecot/dovecot-sql.conf  driver = sql}verbose_proctitle = yesprotocol lmtp {  mail_plugins = " sieve"  plugin {    sieve = ~/filters.sieve    sieve_after = /etc/dovecot/sieve/after.sieve    sieve_before = /etc/dovecot/sieve/before.sieve  }  userdb {    args = /etc/dovecot/dovecot-sql-lmtp.conf    driver = sql    name =   }}




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180509/a093792c/attachment-0001.html>


More information about the dovecot mailing list