<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
ssl_dh is required from 2.3.0-2.3.2. From 2.3.3 onwards its optional. You can rm the ssl-parameters.dat file to get rid of that warning.
</div>
<div>
<br>
</div>
<div>
Aki
</div>
<blockquote type="cite">
<div>
On 16 March 2019 12:50 sergio via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
<a href="https://wiki.dovecot.org/SSL/DovecotConfiguration" rel="noopener" target="_blank">https://wiki.dovecot.org/SSL/DovecotConfiguration</a> says:
</div>
<div>
<br>
</div>
<div>
"Since v2.3.3+ Diffie-Hellman parameters have been made optional, and
</div>
<div>
you are encouraged to disable non-ECC DH algorithms completely."
</div>
<div>
<br>
</div>
<div>
and a bit later:
</div>
<div>
"From version 2.3, you must specify path to DH parameters file using
</div>
<div>
ssl_dh=</path/to/dh.pem"
</div>
<div>
<br>
</div>
<div>
So.
</div>
<div>
<br>
</div>
<div>
1. Is ssl_dh an optional or a must?
</div>
<div>
<br>
</div>
<div>
2. I've disabled ssl_dh in my config. Dovecot works fine except it shows
</div>
<div>
warnings:
</div>
<div>
<br>
</div>
<div>
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
</div>
<div>
doveconf: Warning: You can generate it with: dd ...
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
I'm using dovecot version 2.3.4.1-1~bpo9+1 from debian stretch-backports
</div>
<div>
<br>
</div>
<div>
--
</div>
<div>
sergio.
</div>
</blockquote>
<div>
<br>
</div>
<div class="io-ox-signature">
<pre>---
Aki Tuomi</pre>
</div>
</body>
</html>