ssl_params error on RHEL7 FIPS enabled

Brad Partin bpartin2009 at gmail.com
Thu Aug 19 22:37:43 EEST 2021


All,

The machine I’m running dovecot on is:
RHEL7.9 3.10.0-1160.31.1.el7.x86_64

I can run Systemctl restart dovecot then status or
/usr/libexec/dovecot/ssl-params and I get the following error.

Info: Generating SSL parameters
Fatal: ssl_iostream_generate_params(4096) failed: DH_generate_parameters(bits=512, gen=2) failed: error:0506A06E:lib(5):func(106):reason(110), error 0506A003:lib(5):func(106):reason(3)
Error: child process failed with status 22784

I can generate a diffie-hellman pem with 
openssl dhparam -out /etc/dovecot/dh.pem 4096
But dovecot 2.2.36 does not have the option of telling it where the dh.pem file is located in the config like version 2.3 does. 
Is my error related to FIPS and is there a way around it? 

My dovecot version is:
Dovecot version 2.2.36 release 8.el7

Thanks in advance to anyone willing to help out, I know it’s voluntary 🙏

Thanks,
bpartin2009

Sent from my iPhone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210819/6d9ddf99/attachment-0001.html>


More information about the dovecot mailing list