<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi!</p>
    <p>This change has now been committed, please find it at
      <a class="moz-txt-link-freetext" href="https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch">https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch</a><br>
    </p>
    Aki<br>
    <br>
    <div class="moz-cite-prefix">On 16.07.2018 09:53, Aki Tuomi wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:20180716065357.409082AEF43@talvi.dovecot.org">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <div>This is a known issue, but thanks for reporting it.</div>
      <div><br>
      </div>
      <div><br>
      </div>
      <div><br>
      </div>
      <div id="composer_signature">
        <meta http-equiv="Content-Type" content="text/html;
          charset=utf-8">
        ---
        <div>Aki Tuomi</div>
        <div>Dovecot oy</div>
      </div>
      <div><br>
      </div>
      <div style="font-size:100%;color:#000000"><!-- originalMessage -->
        <div>-------- Original message --------</div>
        <div>From: Eric Toombs <a class="moz-txt-link-rfc2396E" href="mailto:ewtoombs@uwaterloo.ca"><ewtoombs@uwaterloo.ca></a> </div>
        <div>Date: 16/07/2018 08:41 (GMT+02:00) </div>
        <div>To: <a class="moz-txt-link-abbreviated" href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a> </div>
        <div>Subject: ssl_dh required, even though DH is disabled. </div>
        <div><br>
        </div>
      </div>
      Here's my config:<br>
      <br>
      # 2.3.2 (582970113): /etc/dovecot/dovecot.conf<br>
      # OS: Linux 4.17.5-1-ARCH x86_64 Arch Linux<br>
      # Hostname: vault<br>
      passdb {<br>
        driver = pam<br>
      }<br>
      protocols = imap<br>
      service imap-login {<br>
        inet_listener imap {<br>
          port = 0<br>
        }<br>
      }<br>
      ssl = required<br>
      ssl_cert = </etc/letsencrypt/live/myhostname.com/fullchain.pem<br>
      ssl_cipher_list =<br>
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384<br>
      ssl_key =  # hidden, use -P to show it<br>
      ssl_min_protocol = TLSv1.2<br>
      <br>
      My filesystem is ext4.<br>
      <br>
      Even though I use ssl_cipher_list to forbid DH, dovecot still
      doesn't<br>
      work unless I provide an ssl_dh, delivering the following error:<br>
      <br>
      <br>
      Jul 14 21:48:08 vault dovecot[8349]: imap-login: Error: Failed to<br>
      initialize SSL server context: Couldn't parse DH parameters:<br>
      error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting:
      DH<br>
      PARAMETERS: user=<>, rip=10.0.0.1, lip=10.0.0.2,
      session=<4sGi5/9w3pwKAAAB><br>
      <br>
      While providing an ssl_dh is only a minor annoyance, it would be
      nice if<br>
      I didn't have to.<br>
    </blockquote>
    <br>
  </body>
</html>