How to omit the DH parameter in v2.3.3+ ( as stated in 'Upgrading Dovecot v2.2 to v2.3' )
Hi,
i just finished tuning my dovecot setup after upgrading to 2.3.7.2. I needed to add the "ssl_dh =„ parameter to my config as stated in the online docs at dovecot.org http://dovecot.org/. That was no problem and is well documented there and the hint in the log on startup also helped to quickly identify the problem.
After that i was curious and read more and did a lot of research. But i just could not find out how to „omit“ the DH parameter as stated in the online docs: https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/ https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/
It says : „Since v2.3.3+ DH parameter usage is optional and can be omitted.“
I trried it in different ways. First i disallowed DH on the ssl_cipher_list like it was suggested in the example in this doc. But it will still give Errors on startup/reload of dovecot.
Next i tried ssl_dh = that also did not work.
I could not figure out how to „omit“ the DH parameter.
Is it just my misinterpretation of the config doc?
thanks for clarifying
Best regards
joerg
On 27/04/2021 18:02 J. Sommersberg not1long@gmx.de wrote:
Hi,
i just finished tuning my dovecot setup after upgrading to 2.3.7.2. I needed to add the "ssl_dh =„ parameter to my config as stated in the online docs at dovecot.org (http://dovecot.org). That was no problem and is well documented there and the hint in the log on startup also helped to quickly identify the problem.
After that i was curious and read more and did a lot of research. But i just could not find out how to „omit“ the DH parameter as stated in the online docs: https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/
It says : „Since v2.3.3+ DH parameter usage is optional and can be omitted.“
I trried it in different ways. First i disallowed DH on the ssl_cipher_list like it was suggested in the example in this doc. But it will still give Errors on startup/reload of dovecot.
Next i tried ssl_dh = that also did not work.
I could not figure out how to „omit“ the DH parameter.
Is it just my misinterpretation of the config doc?
thanks for clarifying
Best regards
joerg
Hi!
Can you share the errors you receive? You can simply leave the setting away, and not set it. Remember to remove /var/lib/dovecot/ssl-params.dat too.
Aki
participants (2)
-
Aki Tuomi
-
J. Sommersberg