Hello,
after upgrading from Fedora 42 to Fedora 43 the dovecot got upgraded to version 2.4.
I tweaked the configuration, dovecot starts, but when client is trying to connect to imap, I get:
imap-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting): error:0A00018F:SSL routines ::ee key too small:
I tried replacing 2048 bits RSA with 4096 bits RSA, I tried to not use the dh.pem file (I read somewhere it is not neede any more), I deleted /var/lib/dovecot/ssl-parameters.dat file, but still the same error.
Where should I look next?
My ssl config:
ssl = required
#ssl_server_dh_file = /etc/dovecot/dh.pem
ssl_server { #ssl_server_dh_file = /etc/dovecot/dh.pem ssl_server_cert_file = /somewhere/dovecot.pem ssl_server_key_file = /somewhere/dovecot.pem prefer_ciphers = server }
ssl_min_protocol = TLSv1.2
ssl_cipher_list = PROFILE=SYSTEM
#ssl_verify_client_cert = no #ssl_prefer_server_ciphers = no
Thanks
Marek
Hello, after upgrading from Fedora 42 to Fedora 43 the dovecot got upgraded to version 2.4. I tweaked the configuration, dovecot starts, but when client is trying to connect to imap, I get: imap-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting): error:0A00018F:SSL routines ::ee key too small: I tried replacing 2048 bits RSA with 4096 bits RSA, I tried to not use the dh.pem file (I read somewhere it is not neede any more), I deleted /var/lib/dovecot/ssl-parameters.dat file, but still the same error. Where should I look next? My ssl config: ssl = required
#ssl_server_dh_file = /etc/dovecot/dh.pem
ssl_server { #ssl_server_dh_file = /etc/dovecot/dh.pem ssl_server_cert_file = /somewhere/dovecot.pem ssl_server_key_file = /somewhere/dovecot.pem prefer_ciphers = server }
ssl_min_protocol = TLSv1.2
ssl_cipher_list = PROFILE=SYSTEM
#ssl_verify_client_cert = no #ssl_prefer_server_ciphers = no Thanks Marek