ssl_dh

sergio sergio at outerface.net
Sat Mar 16 12:50:26 EET 2019


https://wiki.dovecot.org/SSL/DovecotConfiguration says:

"Since v2.3.3+ Diffie-Hellman parameters have been made optional, and 
you are encouraged to disable non-ECC DH algorithms completely."

and a bit later:
"From version 2.3, you must specify path to DH parameters file using 
ssl_dh=</path/to/dh.pem"

So.

1. Is ssl_dh an optional or a must?

2. I've disabled ssl_dh in my config. Dovecot works fine except it shows 
warnings:

doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd ...


I'm using dovecot version 2.3.4.1-1~bpo9+1 from debian stretch-backports

-- 
sergio.


More information about the dovecot mailing list