On 20.08.2018 14:32, Kai Schaetzl wrote:
> Aki Tuomi wrote on Sun, 19 Aug 2018 20:56:28 +0300 (EEST):
>
>> openssl gendh 4096 > params.pem
> Ok. I then misunderstood what's written at
> https://wiki.dovecot.org/SSL/DovecotConfiguration
>
> I thought I need to create dh.pem in two steps:
>
> 1.
Aki Tuomi wrote on Sun, 19 Aug 2018 20:56:28 +0300 (EEST):
> openssl gendh 4096 > params.pem
Ok. I then misunderstood what's written at
https://wiki.dovecot.org/SSL/DovecotConfiguration
I thought I need to create dh.pem in two steps:
1. openssl dhparam 4096 >
On 08/19/2018 09:38 AM, Kai Schaetzl wrote:
the machine hasn't enough entropy
I believe you mentioned that you're using Ubuntu. If so, install haveged.
Am 19.08.2018 um 17:08 schrieb Kai Schaetzl:
I did that the last time one year ago, now on another machine with the
same software (Ubuntu 16.04) it fails.
openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam
-inform
> On 19 August 2018 at 20:55 Aki Tuomi wrote:
>
>
>
> > On 19 August 2018 at 19:38 Kai Schaetzl wrote:
> >
> >
> > Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300:
> >
> > > Just generate new parameters on some machine with good entropy source.
> >
> > So, if it fails to transform
> On 19 August 2018 at 19:38 Kai Schaetzl wrote:
>
>
> Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300:
>
> > Just generate new parameters on some machine with good entropy source.
>
> So, if it fails to transform (although bigger) the machine hasn't enough
> entropy (because it's quite
Well, on that machine it took now more than an hour. But it created the
same 769 bytes file as on the other machines. And, foreseeable, that one
fails to transform as well.
-rw-r--r-- 1 root root 360 Aug 7 2017 ssl-parameters.dat
-rw-r--r-- 1 root root 769 Aug 19 19:25
Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300:
> Just generate new parameters on some machine with good entropy source.
So, if it fails to transform (although bigger) the machine hasn't enough
entropy (because it's quite new?)? I'm generating now on the original
machine from last year
Just generate new parameters on some machine with good entropy source.
---Aki TuomiDovecot oy
Original message From: Kai Schaetzl
Date: 19/08/2018 18:08 (GMT+02:00) To: dovecot@dovecot.org Subject: creation
of ssl-parameters fails
I did that the last time one year ago, now
I did that the last time one year ago, now on another machine with the
same software (Ubuntu 16.04) it fails.
openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam
-inform der > /etc/dovecot/dh.pem
last command fails
10 matches
Mail list logo
