> On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dove...@reub.net> > wrote: > > > Hi again, > > Chasing down one last problem which seems to have been missed from my > last email: > > On 20/10/2017 9:22 PM, Stephan Bosch wrote: > > > > > > Op 20-10-2017 om 4:23 schreef Reuben Farrelly: > >> On 18/10/2017 11:40 PM, Timo Sirainen wrote: > >>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dove...@reub.net> > >>> wrote: > > This problem below is still present in 2.3 -git, as of version 2.3.devel > (6fc40674e) > > >>> Secondly, this ssl_dh messages is always printed from doveconf: > >>> > >>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem > >>> doveconf: Warning: You can generate it with: dd > >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh > >>> -inform der > /etc/dovecot/dh.pem > >>> > >>> Yet the file is there: > >>> > >>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem > >>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem > >>> > >>> And the config is there as well: > >>> > >>> thunderstorm dovecot # doveconf -P | grep ssl_dh > >>> ssl_dh = </etc/dovecot/dh.pem > >>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem > >>> doveconf: Warning: You can generate it with: dd > >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh > >>> -inform der > /etc/dovecot/dh.pem > >>> ssl_dh = -----BEGIN DH PARAMETERS----- > >>> ssl_dh = -----BEGIN DH PARAMETERS----- > >>> ssl_dh = -----BEGIN DH PARAMETERS----- > >>> ssl_dh = -----BEGIN DH PARAMETERS----- > >>> ssl_dh = -----BEGIN DH PARAMETERS----- > >>> ssl_dh = -----BEGIN DH PARAMETERS----- > >>> ssl_dh = -----BEGIN DH PARAMETERS----- > >>> ssl_dh = -----BEGIN DH PARAMETERS----- > >>> thunderstorm dovecot # > >>> > >>> It appears that this warning is being triggered by the presence of > >>> the ssl-parameters.dat file because when I remove it the warning > >>> goes away. Perhaps the warning could be made a bit more specific > >>> about this file being removed if it is not required because at the > >>> moment the warning message is not related to the trigger. > >>> > >>> Thanks, > >>> Reuben > > > > Thanks, > Reuben
It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file. Aki
