ssh_dh?

C. Andrews Lavarre alavarre at gmail.com
Mon Dec 17 03:42:11 EET 2018


Daniel, as of 2.3.x, you have to create a dh.pem parameter file unless
you can convert an existing parameter file:
	https://wiki.archlinux.org/index.php/dovecot#Generate_DH_parameters
		To generate a new DH parameters file (this will take very long):

		# openssl dhparam -out /etc/dovecot/dh.pem 4096


	then add the file to /etc/dovecot/conf.d/10-ssl.conf

	ssl_dh = </etc/dovecot/dh.pem



This creates a file dh.pem. The dh.pem file contains the base g and
modulo p. These parameters define how OpenSSL performs the Diffie-
Hellman (DH) key-exchange.

More light reading:
	https://security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english
	https://security.stackexchange.com/questions/94390/whats-the-purpose-of-dh-parameters
	
Yes it took a very long time, indeed five hours in my case. But now it
works.
I took a nap and listened to Messiah while it ground away...

Enjoy...

:-) 
