On 30.10.2017 00:23, Reuben Farrelly wrote:
> Hi Aki,
>
> On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>>> On October 29, 2017 at 1:55 PM Reuben Farrelly
>>> <reuben-dove...@reub.net> wrote:
>>>
>>>
>>> Hi again,
>>>
>>> Chasing down one last problem which seems to have been missed from my
>>> last email:
>>>
>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>>
>>>> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dove...@reub.net>
>>>>>> wrote:
>>> This problem below is still present in 2.3 -git, as of version
>>> 2.3.devel
>>> (6fc40674e)
>>>
>>>>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>>>>
>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>
>>>>>> Yet the file is there:
>>>>>>
>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>>
>>>>>> And the config is there as well:
>>>>>>
>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>>> ssl_dh = </etc/dovecot/dh.pem
>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>> thunderstorm dovecot #
>>>>>>
>>>>>> It appears that this warning is being triggered by the presence of
>>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>>> about this file being removed if it is not required because at the
>>>>>> moment the warning message is not related to the trigger.
>>>>>>
>>>>>> Thanks,
>>>>>> Reuben
>>> Thanks,
>>> Reuben
>> It is triggered when there is ssl-parameters.dat file *AND* there is
>> no ssl_dh=< explicitly set in config file.
>>
>> Aki
>
> I have this already in my 10-ssl.conf file:
>
> lightning dovecot # /etc/init.d/dovecot reload
> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> doveconf: Warning: You can generate it with: dd
> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
> -inform der > /etc/dovecot/dh.pem
> * Reloading dovecot configs and restarting auth/login processes
> ... [ ok ]
> lightning dovecot #
>
> However:
>
> lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
> # gives on startup when ssl_dh is unset.
> ssl_dh=</etc/dovecot/dh.pem
> lightning dovecot #
>
> and the file is there:
>
> lightning dovecot # ls -la /etc/dovecot/dh.pem
> -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
> lightning dovecot #
>
> So it is actually configured and yet the warning still is present.
>
> Reuben

Hi!

I gave this a try, and I was not able to repeat this issue. Perhaps you are still missing ssl_dh somewhere?

Aki