On 30.10.2017 09:10, Aki Tuomi wrote:
On 30.10.2017 00:23, Reuben Farrelly wrote:
Hi Aki,
On 30/10/2017 12:43 AM, Aki Tuomi wrote:
On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot@reub.net> wrote:
Hi again,
Chasing down one last problem which seems to have been missed from my last email:
On 20/10/2017 9:22 PM, Stephan Bosch wrote:
On 20-10-2017 at 4:23, Reuben Farrelly wrote:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e)
> Secondly, this ssl_dh message is always printed from doveconf:
>
> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
>
> Yet the file is there:
>
> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>
> And the config is there as well:
>
> thunderstorm dovecot # doveconf -P | grep ssl_dh
> ssl_dh = </etc/dovecot/dh.pem
> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
> ssl_dh = -----BEGIN DH PARAMETERS-----
> ssl_dh = -----BEGIN DH PARAMETERS-----
> ssl_dh = -----BEGIN DH PARAMETERS-----
> ssl_dh = -----BEGIN DH PARAMETERS-----
> ssl_dh = -----BEGIN DH PARAMETERS-----
> ssl_dh = -----BEGIN DH PARAMETERS-----
> ssl_dh = -----BEGIN DH PARAMETERS-----
> ssl_dh = -----BEGIN DH PARAMETERS-----
> thunderstorm dovecot #
>
> It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger.
>
> Thanks,
> Reuben

Thanks,
Reuben

It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file.
Aki
I have this already in my 10-ssl.conf file:
lightning dovecot # /etc/init.d/dovecot reload
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
 * Reloading dovecot configs and restarting auth/login processes ... [ ok ]
lightning dovecot #
However:
lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
# gives on startup when ssl_dh is unset.
ssl_dh=</etc/dovecot/dh.pem
lightning dovecot #
and the file is there:
lightning dovecot # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
lightning dovecot #
So it is actually configured and yet the warning still is present.
Reuben
Hi!
I gave this a try, and I was not able to repeat this issue. Perhaps you are still missing ssl_dh somewhere?
Aki
Hello
Just a guess, but at this point I would recommend reviewing the output of "doveconf -n" to make sure the appropriate settings are present.
br, Teemu