creation of ssl-parameters fails

Aki Tuomi aki.tuomi at dovecot.fi
Sun Aug 19 18:21:31 EEST 2018


Just generate new parameters on some machine with a good entropy source.


---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Kai Schaetzl <maillists at conactive.com>
Date: 19/08/2018 18:08 (GMT+02:00)
To: dovecot at dovecot.org
Subject: creation of ssl-parameters fails

I did that the last time one year ago, now on another machine with the 
same software (Ubuntu 16.04) it fails.

openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
last command fails with

681+0 records in
681+0 records out
681 bytes copied, 0,00278343 s, 245 kB/s
unable to load DH parameters
139858178938624:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1129:
139858178938624:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:289:Type=DH

ssl-parameters.dat is more than double the size of the one that worked.
And that one I can still transform:

272+0 records in
272+0 records out
272 bytes copied, 0,00105017 s, 259 kB/s

So, something with
openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
must be wrong. But what?
https://wiki.dovecot.org/SSL/DovecotConfiguration
says to use this command.

Thanks!

Kai
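
An added example, not part of either message and not Dovecot code: `openssl dhparam` writes PEM unless `-outform DER` is given, and the 681 bytes left after `skip=88` match the 769-byte PEM file a 4096-bit run produces, so `-inform der` is handed base64 text and reports `wrong tag`. This Python sketch classifies a parameter file before a conversion is attempted; the function names and the small sample parameters are assumptions made for the illustration.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN DH PARAMETERS-----\s+(.*?)-----END DH PARAMETERS-----", re.S)

def _tlv(buf, i, tag):
    """Read one DER element with the given tag; return (content, next_index)."""
    if i + 2 > len(buf) or buf[i] != tag:
        raise ValueError(f"wrong tag or truncated element at offset {i}")
    n, i = buf[i + 1], i + 2
    if n & 0x80:                       # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    if i + n > len(buf):
        raise ValueError("truncated DER")
    return buf[i:i + n], i + n

def parse_dh_der(der):
    """Parse SEQUENCE { p INTEGER, g INTEGER }; return (prime_bits, generator)."""
    seq, _ = _tlv(der, 0, 0x30)
    p, i = _tlv(seq, 0, 0x02)
    g, _ = _tlv(seq, i, 0x02)
    return int.from_bytes(p, "big").bit_length(), int.from_bytes(g, "big")

def inspect_dh_file(data):
    """Classify a DH parameter blob; return (encoding, prime_bits, generator)."""
    m = PEM_RE.search(data)
    if m:
        return ("PEM",) + parse_dh_der(base64.b64decode(m.group(1)))
    # Raw DER, then DER behind the 88-byte prefix that the dd command skips.
    for label, blob in (("DER", data), ("DER at offset 88", data[88:])):
        try:
            return (label,) + parse_dh_der(blob)
        except ValueError:
            pass
    raise ValueError("no DH parameters found as PEM, DER, or DER at offset 88")

# Constructed sample (not from the thread): p = 2**255 - 19, g = 2; too small for real use.
SAMPLE_DER = bytes.fromhex("30250220" + "7f" + "ff" * 30 + "ed" + "020102")
SAMPLE_PEM = (b"-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END DH PARAMETERS-----\n")

if __name__ == "__main__":
    print(inspect_dh_file(SAMPLE_PEM))               # what `openssl dhparam` writes by default
    print(inspect_dh_file(bytes(88) + SAMPLE_DER))   # DER behind an 88-byte prefix
    try:
        inspect_dh_file(SAMPLE_PEM[88:])             # skip=88 applied to a PEM file
    except ValueError as exc:
        print("error:", exc)
```

A file reported as `PEM` is already in the encoding that `/etc/dovecot/dh.pem` is written in by the command above, so the `dd` step does not apply to it.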


