<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Apple Color Emoji";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">There have been multiple submitted fixes to this, I submitted a fix to Redhat myself. And they are not willing to add it to their EL7 at this point.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">dovecot <dovecot-bounces@dovecot.org> on behalf of Brad Partin <bpartin2009@gmail.com><br>
<b>Date: </b>Thursday, August 19, 2021 at 12:39 PM<br>
<b>To: </b>"dovecot@dovecot.org" <dovecot@dovecot.org><br>
<b>Subject: </b>ssl_params error on RHEL7 FIPS enabled <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:14.0pt;color:black;background:yellow">[External Email]</span></b><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:13.0pt"> </span></b><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">All, <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The machine I’m running dovecot on is:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">RHEL7.9 3.10.0-1160.31.1.el7.x86_64<o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">I can run Systemctl restart dovecot then status or<o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">/usr/libexec/dovecot/ssl-params and I get the following error.<o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">Info: Generating SSL parameters<o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">Fatal: ssl_iostream_generate_params(4096) failed: DH_generate_parameters(bits=512, gen=2) failed: error:0506A06E:lib(5):func(106):reason(110), error 0506A003:lib(5):func(106):reason(3)<o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">Error: child process failed with status 22784<o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">I can generate a diffie-hellman pem with <o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">openssl dhparam -out /etc/dovecot/dh.pem 4096<o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">But dovecot 2.2.36 does not have the option of telling it where the dh.pem file is located in the config like version 2.3 does. <o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">Is my error related to FIPS and is there a way around it? <o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">My dovecot version is:<o:p></o:p></span></p>
<p class="MsoNormal" style="-webkit-text-size-adjust: auto;caret-color: rgb(0, 0, 0)">
<span style="color:black">Dovecot version 2.2.36 release 8.el7<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks in advance to anyone willing to help out, I know it’s voluntary
<span style="font-family:"Apple Color Emoji"">🙏</span><br>
<br>
Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">bpartin2009<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Sent from my iPhone<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>