
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hi!</p>

    <p>This change has now been committed, please find it at

      <a class="moz-txt-link-freetext" href="https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch">https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch</a><br>

    </p>

    Aki<br>

    <br>

    <div class="moz-cite-prefix">On 16.07.2018 09:53, Aki Tuomi wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:20180716065357.409082AEF43@talvi.dovecot.org">

      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

      <div>This is a known issue, but thanks for reporting it.</div>

      <div><br>

      </div>

      <div><br>

      </div>

      <div><br>

      </div>

      <div id="composer_signature">

        <meta http-equiv="Content-Type" content="text/html;

          charset=utf-8">

        ---

        <div>Aki Tuomi</div>

        <div>Dovecot oy</div>

      </div>

      <div><br>

      </div>

      <div style="font-size:100%;color:#000000"><!-- originalMessage -->

        <div>-------- Original message --------</div>

        <div>From: Eric Toombs <a class="moz-txt-link-rfc2396E" href="mailto:ewtoombs@uwaterloo.ca"><ewtoombs@uwaterloo.ca></a> </div>

        <div>Date: 16/07/2018 08:41 (GMT+02:00) </div>

        <div>To: <a class="moz-txt-link-abbreviated" href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a> </div>

        <div>Subject: ssl_dh required, even though DH is disabled. </div>

        <div><br>

        </div>

      </div>

      Here's my config:<br>

      <br>

      # 2.3.2 (582970113): /etc/dovecot/dovecot.conf<br>

      # OS: Linux 4.17.5-1-ARCH x86_64 Arch Linux<br>

      # Hostname: vault<br>

      passdb {<br>

        driver = pam<br>

      }<br>

      protocols = imap<br>

      service imap-login {<br>

        inet_listener imap {<br>

          port = 0<br>

        }<br>

      }<br>

      ssl = required<br>

      ssl_cert = </etc/letsencrypt/live/myhostname.com/fullchain.pem<br>

      ssl_cipher_list =<br>

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384<br>

      ssl_key =  # hidden, use -P to show it<br>

      ssl_min_protocol = TLSv1.2<br>

      <br>

      My filesystem is ext4.<br>

      <br>

      Even though I use ssl_cipher_list to forbid DH, dovecot still

      doesn't<br>

      work unless I provide an ssl_dh, delivering the following error:<br>

      <br>

      <br>

      Jul 14 21:48:08 vault dovecot[8349]: imap-login: Error: Failed to<br>

      initialize SSL server context: Couldn't parse DH parameters:<br>

      error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting:

      DH<br>

      PARAMETERS: user=<>, rip=10.0.0.1, lip=10.0.0.2,

      session=<4sGi5/9w3pwKAAAB><br>

      <br>

      While providing an ssl_dh is only a minor annoyance, it would be

      nice if<br>

      I didn't have to.<br>

    </blockquote>

    <br>

  </body>

</html>