On 30.10.2017 00:23, Reuben Farrelly wrote:
Hi Aki,
On 30/10/2017 12:43 AM, Aki Tuomi wrote:
On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot@reub.net> wrote:
Hi again,
Chasing down one last problem which seems to have been missed from my last email:
On 20/10/2017 9:22 PM, Stephan Bosch wrote:
On 20-10-2017 at 4:23, Reuben Farrelly wrote:
On 18/10/2017 11:40 PM, Timo Sirainen wrote:
On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot@reub.net> wrote:
This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e)
Secondly, this ssl_dh message is always printed from doveconf:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
Yet the file is there:
thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
And the config is there as well:
thunderstorm dovecot # doveconf -P | grep ssl_dh
ssl_dh = </etc/dovecot/dh.pem
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
ssl_dh = -----BEGIN DH PARAMETERS-----
thunderstorm dovecot #
It appears that this warning is being triggered by the presence of the ssl-parameters.dat file because when I remove it the warning goes away. Perhaps the warning could be made a bit more specific about this file being removed if it is not required because at the moment the warning message is not related to the trigger.
Thanks,
Reuben

It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file.
Aki
I have this already in my 10-ssl.conf file:
lightning dovecot # /etc/init.d/dovecot reload
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
 * Reloading dovecot configs and restarting auth/login processes ... [ ok ]
lightning dovecot #
However:
lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
# gives on startup when ssl_dh is unset.
ssl_dh=</etc/dovecot/dh.pem
lightning dovecot #
and the file is there:
lightning dovecot # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
lightning dovecot #
So it is actually configured and yet the warning still is present.
Reuben
Hi!
I gave this a try, and I was not able to repeat this issue. Perhaps you are still missing ssl_dh somewhere?
Aki
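The trigger condition stated in the thread (ssl-parameters.dat present and no explicit ssl_dh=< in the config) can be checked outside doveconf with the script below. It is an added example, not part of the original messages and not Dovecot's own logic. The function names are hypothetical, and it assumes a plain text search of the config directory is good enough, so it does not model how Dovecot resolves includes or nested sections.

```shell
#!/bin/sh
# Added diagnostic sketch (hypothetical helper names, not Dovecot code).
# Directories are arguments; the thread uses /etc/dovecot and /var/lib/dovecot.

# Print file:line:text for every uncommented "ssl_dh = <file" setting.
# Leading whitespace is allowed, a leading '#' is not, so commented help
# text that merely mentions ssl_dh does not count as a setting.
find_ssl_dh() {
    grep -rnE '^[[:space:]]*ssl_dh[[:space:]]*=[[:space:]]*<' "$1" 2>/dev/null
}

# Return 0 when the condition described in the thread holds:
# ssl-parameters.dat exists AND no explicit ssl_dh=< is set.
warning_expected() {
    conf_dir=$1
    state_dir=$2
    [ -f "$state_dir/ssl-parameters.dat" ] || return 1
    if find_ssl_dh "$conf_dir" >/dev/null; then
        return 1
    fi
    return 0
}

# Print each file named by an ssl_dh=< setting that is missing or
# unreadable, which catches a typo in the configured path.
missing_dh_files() {
    find_ssl_dh "$1" |
        sed -E 's/^[^<]*<[[:space:]]*//; s/[[:space:]]*$//' |
        sort -u |
        while IFS= read -r f; do
            [ -r "$f" ] || printf '%s\n' "$f"
        done
}
```

Running `find_ssl_dh /etc/dovecot` lists every file and line where the setting appears, which helps when one host or config fragment still lacks it.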