creation of ssl-parameters fails
Aki Tuomi
aki.tuomi at dovecot.fi
Sun Aug 19 18:21:31 EEST 2018
Just generate new parameters on some machine with good entropy source.
---Aki TuomiDovecot oy
-------- Original message --------From: Kai Schaetzl <maillists at conactive.com> Date: 19/08/2018 18:08 (GMT+02:00) To: dovecot at dovecot.org Subject: creation of ssl-parameters fails
I did that the last time one year ago, now on another machine with the
same software (Ubuntu 16.04) it fails.
openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam
-inform der > /etc/dovecot/dh.pem
last command fails with
681+0 records in
681+0 records out
681 bytes copied, 0,00278343 s, 245 kB/s
unable to load DH parameters
139858178938624:error:0D0680A8:asn1 encoding
routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1129:
139858178938624:error:0D07803A:asn1 encoding
routines:asn1_item_embed_d2i:nested asn1
error:../crypto/asn1/tasn_dec.c:289:Type=DH
ssl-parameters.dat is more than double the size as the one that worked.
And that one I can still transform:
272+0 records in
272+0 records out
272 bytes copied, 0,00105017 s, 259 kB/s
So, something with
openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
must be wrong. But what?
https://wiki.dovecot.org/SSL/DovecotConfiguration
tells to use this command.
Thanks!
Kai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180819/c40ceb46/attachment.html>
More information about the dovecot
mailing list