On 17 December 2018 at 07:08 Aki Tuomi < aki.tuomi@open-xchange.com> wrote:



On 17 December 2018 at 00:30 Daniel Miller via dovecot < dovecot@dovecot.org> wrote:


Don't know if this was corrected in 2.3.4 (haven't upgraded yet but
didn't see it in the notes) - but in 2.3.3 I see this in my log:

imap-login: Error: Diffie-Hellman key exchange requested, but no DH
parameters provided. Set ssh_dh=</path/to/dh.pem

So...either there's an undocumented feature of SSH-over-IMAP (that's
Dovecot - always on the cutting edge!) or someone had a coffee shortage
during a coding session...


--
Daniel

It's a typo. We made non-ec DH optional in 2.3.4. This means you can remove all non-ec dh crypto algos from cipherlist. This was because ec support is pretty good and generating safe dh parameters takes a very long time, so one can simply stop supporting non-ec dh based algorithms.
---
Aki Tuomi
And I ment in 2.3.3. 

---
Aki Tuomi