<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body><div>Just generate new parameters on some machine with a good entropy source.</div><div><br></div><div><br></div><div><br></div><div id="composer_signature"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">---<div>Aki Tuomi</div><div>Dovecot oy</div></div><div><br></div><div style="font-size:100%;color:#000000"><!-- originalMessage --><div>-------- Original message --------</div><div>From: Kai Schaetzl &lt;maillists@conactive.com&gt; </div><div>Date: 19/08/2018 18:08 (GMT+02:00) </div><div>To: dovecot@dovecot.org </div><div>Subject: creation of ssl-parameters fails </div><div><br></div></div>I did that the last time one year ago, now on another machine with the <br>same software (Ubuntu 16.04) it fails.<br><br>openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat<br>dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem<br>The last command fails with<br><br>681+0 records in<br>681+0 records out<br>681 bytes copied, 0,00278343 s, 245 kB/s<br>unable to load DH parameters<br>139858178938624:error:0D0680A8:asn1 encoding <br>routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1129:<br>139858178938624:error:0D07803A:asn1 encoding <br>routines:asn1_item_embed_d2i:nested asn1 <br>error:../crypto/asn1/tasn_dec.c:289:Type=DH<br><br>ssl-parameters.dat is more than double the size of the one that worked.<br>And that one I can still transform:<br><br>272+0 records in<br>272+0 records out<br>272 bytes copied, 0,00105017 s, 259 kB/s<br><br>So, something with<br>openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat<br>must be wrong. But what?<br>https://wiki.dovecot.org/SSL/DovecotConfiguration<br>says to use this command.<br><br>Thanks!<br><br>Kai<br><br><br><br></body></html>