Is Diffie-Hellman needed?

dovecot at ptld.com dovecot at ptld.com
Mon Jan 10 16:08:17 UTC 2022


Is Diffie-Hellman needed on a modern new dovecot setup?

ssl_dh is empty by default.
Both ssl_cert and ssl_key on my setup are pointing to let's encrypt certs.

However i see Diffie-Hellman related warnings in logs:
dovecot[1073]: imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssl_dh=</path/to/dh.pem

Am i causing issues for some users by not setting up ssl_dh or is this something being phased out?


More information about the dovecot mailing list