How to omit the DH parameter in v2.3.3+ ( as stated in 'Upgrading Dovecot v2.2 to v2.3' )

[J. Sommersberg]

Hi,

i just finished tuning my dovecot setup after upgrading to 2.3.7.2.
I needed to add the "ssl_dh =„ parameter to my config as stated in the online docs at dovecot.org <http://dovecot.org/>.
That was no problem and is well documented there and the hint in the log on startup also helped to quickly identify the problem.

After that i was curious and read more and did a lot of research.
But i just could not find out how to „omit“ the DH parameter as stated in the online docs:
https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/ <https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/>

It says :
„Since v2.3.3+ DH parameter usage is optional and can be omitted.“

I trried it in different ways.
First i disallowed DH on the ssl_cipher_list like it was suggested in the example in this doc.
But it will still give Errors on startup/reload of dovecot.

Next i tried 
ssl_dh = 
that also did not work.

I could not figure out how to „omit“ the DH parameter.

Is it just my misinterpretation of the config doc?

thanks for clarifying

Best regards

joerg


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210427/cdd35b1a/attachment.html>