<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi!</p>
<p>This change has now been committed; please find it at
<a class="moz-txt-link-freetext" href="https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch">https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch</a><br>
</p>
Aki<br>
<br>
<div class="moz-cite-prefix">On 16.07.2018 09:53, Aki Tuomi wrote:<br>
</div>
<blockquote type="cite"
cite="mid:20180716065357.409082AEF43@talvi.dovecot.org">
<div>This is a known issue, but thanks for reporting it.</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div id="composer_signature">
---
<div>Aki Tuomi</div>
<div>Dovecot oy</div>
</div>
<div><br>
</div>
<div style="font-size:100%;color:#000000"><!-- originalMessage -->
<div>-------- Original message --------</div>
<div>From: Eric Toombs <a class="moz-txt-link-rfc2396E" href="mailto:ewtoombs@uwaterloo.ca">&lt;ewtoombs@uwaterloo.ca&gt;</a> </div>
<div>Date: 16/07/2018 08:41 (GMT+02:00) </div>
<div>To: <a class="moz-txt-link-abbreviated" href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a> </div>
<div>Subject: ssl_dh required, even though DH is disabled. </div>
<div><br>
</div>
</div>
Here's my config:<br>
<br>
# 2.3.2 (582970113): /etc/dovecot/dovecot.conf<br>
# OS: Linux 4.17.5-1-ARCH x86_64 Arch Linux<br>
# Hostname: vault<br>
passdb {<br>
driver = pam<br>
}<br>
protocols = imap<br>
service imap-login {<br>
inet_listener imap {<br>
port = 0<br>
}<br>
}<br>
ssl = required<br>
ssl_cert = &lt;/etc/letsencrypt/live/myhostname.com/fullchain.pem<br>
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384<br>
ssl_key = # hidden, use -P to show it<br>
ssl_min_protocol = TLSv1.2<br>
<br>
My filesystem is ext4.<br>
<br>
Even though I use ssl_cipher_list to forbid DH, dovecot still doesn't
work unless I provide an ssl_dh, delivering the following error:<br>
<br>
<br>
Jul 14 21:48:08 vault dovecot[8349]: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=&lt;&gt;, rip=10.0.0.1, lip=10.0.0.2, session=&lt;4sGi5/9w3pwKAAAB&gt;<br>
<br>
While providing an ssl_dh is only a minor annoyance, it would be
nice if I didn't have to.<br>
</blockquote>
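<p>Added example (not part of the original thread and not Dovecot code): a way to confirm that the ssl_cipher_list quoted above really contains no finite-field DH suites, by expanding it with the local OpenSSL through Python's ssl module. The function names are hypothetical, and the extra DHE suite in the second check is a constructed contrast case.</p>

```python
import ssl

# ssl_cipher_list value from the quoted dovecot.conf, split for readability.
CIPHER_LIST = ":".join([
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA",
    "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
])


def key_exchanges(cipher_string):
    """Expand an OpenSSL cipher string with the local OpenSSL build and
    return {suite name: key-exchange type}, e.g. 'kx-ecdhe' or 'kx-dhe'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {c["name"]: c["kea"] for c in ctx.get_ciphers()}


def finite_field_dh_suites(cipher_string):
    """Return the suites that negotiate finite-field DH (DHE or anonymous DH).
    TLS 1.3 suites are not controlled by this string; they report 'kx-any'
    and are therefore not listed here."""
    kx = key_exchanges(cipher_string)
    return sorted(name for name, kea in kx.items() if kea == "kx-dhe")


if __name__ == "__main__":
    # Constructed contrast case: the same list with one DHE suite appended.
    with_dhe = CIPHER_LIST + ":DHE-RSA-AES128-GCM-SHA256"
    for label, value in (("quoted config", CIPHER_LIST), ("with DHE", with_dhe)):
        found = finite_field_dh_suites(value)
        print(f"{label}: finite-field DH suites = {found or 'none'}")
```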
<br>
</body>
</html>