https://wiki.dovecot.org/SSL/DovecotConfiguration says:
"Since v2.3.3+ Diffie-Hellman parameters have been made optional, and you are encouraged to disable non-ECC DH algorithms completely."
and a bit later: "From version 2.3, you must specify path to DH parameters file using ssl_dh=</path/to/dh.pem"
So.
Is ssl_dh an optional or a must?
I've disabled ssl_dh in my config. Dovecot works fine except it shows warnings:
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd ...
I'm using dovecot version 2.3.4.1-1~bpo9+1 from debian stretch-backports
-- sergio.
On Sat, Mar 16, 2019, at 11:12 PM, sergio via dovecot wrote:
I'm subscribed, please reply to list directly.
ssl_dh is required from 2.3.0-2.3.2. From 2.3.3 onwards its optional. You can rm the ssl-parameters.dat file to get rid of that warning.
I have no ssl-parameters.dat file.
Did you check
/var/lib/dovecot
?
-- K
participants (3)
-
Aki Tuomi
-
Kostya Vasilyev
-
sergio