Daniel, as of 2.3.x, you have to create a dh.pem parameter file unless
you can convert an existing parameter file:
https://wiki.archlinux.org/index.php/dovecot#Generate_DH_parame
ters
To generate a new DH parameters file (this will take
very long):
# openssl dhparam -out /etc/dovecot/dh.pem 4096
then add the file to /etc/dovecot/conf.d/10-ssl.conf
ssl_dh = </etc/dovecot/dh.pem
This creates a file dh.pem. The dh.pem file contains the base g and
modulo p. These parameters define how OpenSSL performs the Diffie-
Hellman (DH) key-exchange.
More light reading:
https://security.stackexchange.com/questions/45963/diffie-hellm
an-key-exchange-in-plain-english
https://security.stackexchange.com/questions/94390/whats-the-pu
rpose-of-dh-parameters
Yes it took a very long time, indeed five hours in my case. But now it
works.
I took a nap and listened to Messiah while it ground away...
Enjoy...
:-)
