<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 17 December 2018 at 07:08 Aki Tuomi <
<a href="mailto:aki.tuomi@open-xchange.com">aki.tuomi@open-xchange.com</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 17 December 2018 at 00:30 Daniel Miller via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
Don't know if this was corrected in 2.3.4 (haven't upgraded yet but
</div>
<div>
didn't see it in the notes) - but in 2.3.3 I see this in my log:
</div>
<div>
<br>
</div>
<div>
imap-login: Error: Diffie-Hellman key exchange requested, but no DH
</div>
<div>
parameters provided. Set ssh_dh=</path/to/dh.pem
</div>
<div>
<br>
</div>
<div>
So...either there's an undocumented feature of SSH-over-IMAP (that's
</div>
<div>
Dovecot - always on the cutting edge!) or someone had a coffee shortage
</div>
<div>
during a coding session...
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
--
</div>
<div>
Daniel
</div>
<div>
<br>
</div>
</blockquote>
<div>
It's a typo. We made non-ec DH optional in 2.3.4. This means you can remove all non-ec dh crypto algos from cipherlist. This was because ec support is pretty good and generating safe dh parameters takes a very long time, so one can simply stop supporting non-ec dh based algorithms.
</div>
<div>
---
</div>
<div>
Aki Tuomi
</div>
</blockquote>
<div class="io-ox-signature">
And I ment in 2.3.3.
</div>
<div class="io-ox-signature">
<br>
</div>
<div class="io-ox-signature">
---
<br>Aki Tuomi
</div>
</body>
</html>