How to omit the DH parameter in v2.3.3+ ( as stated in 'Upgrading Dovecot v2.2 to v2.3' )
Aki Tuomi
aki.tuomi at open-xchange.com
Tue Apr 27 19:08:11 EEST 2021
> On 27/04/2021 18:02 J. Sommersberg <not1long at gmx.de> wrote:
>
>
> Hi,
>
> i just finished tuning my dovecot setup after upgrading to 2.3.7.2.
> I needed to add the "ssl_dh =„ parameter to my config as stated in the online docs at dovecot.org (http://dovecot.org).
> That was no problem and is well documented there and the hint in the log on startup also helped to quickly identify the problem.
>
> After that i was curious and read more and did a lot of research.
> But i just could not find out how to „omit“ the DH parameter as stated in the online docs:
> https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/
>
> It says :
> „Since v2.3.3+ DH parameter usage is optional and can be omitted.“
>
> I trried it in different ways.
> First i disallowed DH on the ssl_cipher_list like it was suggested in the example in this doc.
> But it will still give Errors on startup/reload of dovecot.
>
> Next i tried
> ssl_dh =
> that also did not work.
>
> I could not figure out how to „omit“ the DH parameter.
>
> Is it just my misinterpretation of the config doc?
>
> thanks for clarifying
>
> Best regards
>
> joerg
>
>
Hi!
Can you share the errors you receive? You can simply leave the setting away, and not set it. Remember to remove /var/lib/dovecot/ssl-params.dat too.
Aki
More information about the dovecot
mailing list