Finally got around to bumping my home server to Buster (Debian 10). Only one hitch and it's Dovecot again. The new version of Dovecot requires a large (minimum 2048-bit) DH key. The upgrade process does not have the decency to generate this key and the instructions provided are incorrect. They generate a DH key ~half the minimum size Dovecot 2.3 requires. Specifically:
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem should be dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam 2048 -inform der > /etc/dovecot/dh.pem to generate a dh.pem of requisite size. Merging the private and public SSL certificates into a single file may also be necessary. -- Rich Pieri _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
