[Dovecot] DSA support for TLS?
OpenMacNews
OpenMacNews at speakeasy.net
Sun Sep 11 22:52:47 EEST 2005
hi all,
i've dovecot TLS working correctly w/ locally generated *RSA* CA cert, domain
privkey & self-signed domain cert. to that end, my dovecot.conf includes:
ssl_key_file = /var/Security/mail.testdomain.com.privkey.rsa.pem
ssl_cert_file = /var/Security/mail.testdomain.com.cert.rsa.pem
ssl_ca_file = /var/Security/MyCertificateAuthority.CA.cert.rsa.pem
ssl_verify_client_cert = no
ssl_cipher_list = ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
however, if I try to set up for DSA use:
ssl_key_file = /var/Security/mail.testdomain.com.privkey.dsa.pem
ssl_cert_file = /var/Security/mail.testdomain.com.cert.dsa.pem
ssl_ca_file = /var/Security/MyCertificateAuthority.CA.cert.dsa.pem
ssl_verify_client_cert = no
ssl_parameters_file = /var/Security/dsaparam.pem
ssl_parameters_regenerate = 0
an attempt @ dovecot launch results in a logged error of:
dovecot: Sep 11 11:58:43 Error: imap-login: Can't load private key file /var/Security/mail.testdomain.com.privkey.dsa.pem: error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key
wherein it looks like dovecot is _still_ seeking an RSA key.
fwiw,
% cat /var/Security/mail.testdomain.com.privkey.dsa.pem
-----BEGIN DSA PRIVATE KEY-----
...
i've searched the dovecot wiki, and although the _only_ reference i find to
dsa/diffie is @:
http://wiki.dovecot.org/moin.cgi/MainConfig
" ...
SSL parameter file. Master process generates this file for login processes.
It contains Diffie Hellman and RSA parameters.
ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
... "
it does seem to imply that DSA certs are, at least, supported.
comments?
cheers,
richard
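
Added example, not part of the original post and not Dovecot code: a pre-flight check that reports which algorithm a PEM private key file holds, so a key/loader mismatch like the "expecting an rsa key" error above is caught before the daemon starts. The function names and the sample keys are constructed for illustration; the sample bodies are placeholders, not real key material.

```python
import base64
import re

# DER-encoded algorithm OIDs found in PKCS#8 ("BEGIN PRIVATE KEY") files.
PKCS8_OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",  # 1.2.840.113549.1.1.1
    bytes.fromhex("2a8648ce380401"): "DSA",      # 1.2.840.10040.4.1
    bytes.fromhex("2a8648ce3d0201"): "EC",       # 1.2.840.10045.2.1
}

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def key_algorithm(pem_text):
    """Name the algorithm of the first PEM block in pem_text."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        return "no PEM block"
    label, body = m.groups()
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"):
        return label.split()[0]  # traditional format: the label names the algorithm
    if label != "PRIVATE KEY":
        return "unsupported: " + label
    try:
        der = base64.b64decode("".join(body.split()))
        _, pos, _ = _tlv(der, 0)          # outer SEQUENCE: step inside
        _, _, pos = _tlv(der, pos)        # version INTEGER: skip over
        _, pos, _ = _tlv(der, pos)        # AlgorithmIdentifier: step inside
        tag, start, end = _tlv(der, pos)  # algorithm OID
    except (ValueError, IndexError):
        return "malformed"
    return PKCS8_OIDS.get(der[start:end], "unknown") if tag == 0x06 else "malformed"

def preflight(pem_text, expected):
    """Return None if the key matches, else a message for the operator."""
    found = key_algorithm(pem_text)
    return None if found == expected else f"expected {expected} key, found {found}"

# Constructed samples (placeholder bodies, not real key material).
TRADITIONAL_DSA = "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n"
_der = bytes.fromhex("3013020100300b06072a8648ce3804010500040100")
PKCS8_DSA = ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(_der).decode()
             + "\n-----END PRIVATE KEY-----\n")
```

The check only reads the PEM label or the PKCS#8 algorithm OID; it does not validate the key itself or say which algorithms a given server build accepts.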