possible to disable dh_key/ssl-parameters.dat generation when only using ECDHE ciphers.

Erik de Waard erikdewaard at gmail.com
Wed May 9 17:48:38 EEST 2018 

Hi,

I want to disable dh_key/ssl-parameters.dat entirely since i'm only using
ECDHE ciphers.


> # 2.2.34 (874deae): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
# Hostname: somehost.com
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 1500
default_vsz_limit = 600 M
disable_plaintext_auth = no
info_log_path = /var/log/mail.log.info
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_debug = yes
mail_max_userip_connections = 100
mail_privileged_group = mail
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  sieve_execute_bin_dir = /etc/dovecot/sieve-executables
  sieve_global_extensions = +vnd.dovecot.execute
  sieve_plugins = sieve_extprograms
}
protocols = imap lmtp
service anvil {
  unix_listener anvil-auth-penalty {
    mode = 0600
  }
}
service auth {
  user = root
}
service imap-login {
  client_limit = 6000
  process_limit = 4
  process_min_avail = 4
  service_count = 0
  vsz_limit = 600 M
}
service imap {
  client_limit = 1
  process_limit = 1024
  service_count = 50
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
ssl_cert = </etc/dovecot/dovecot.crt
ssl_cipher_list =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_key =  # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = " sieve"
  plugin {
    sieve = ~/filters.sieve
    sieve_after = /etc/dovecot/sieve/after.sieve
    sieve_before = /etc/dovecot/sieve/before.sieve
  }
  userdb {
    args = /etc/dovecot/dovecot-sql-lmtp.conf
    driver = sql
    name =
  }
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180509/8f3e3233/attachment.html>

More information about the dovecot mailing list