On 30.10.2017 09:10, Aki Tuomi wrote:
>
>
> On 30.10.2017 00:23, Reuben Farrelly wrote:
>> Hi Aki,
>>
>> On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>>>> On October 29, 2017 at 1:55 PM Reuben Farrelly
>>>> <reuben-dove...@reub.net> wrote:
>>>>
>>>>
>>>> Hi again,
>>>>
>>>> Chasing down one last problem which seems to have been missed from my
>>>> last email:
>>>>
>>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>>>
>>>>> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dove...@reub.net>
>>>>>>> wrote:
>>>> This problem below is still present in 2.3 -git, as of version
>>>> 2.3.devel
>>>> (6fc40674e)
>>>>
>>>>>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>>>>>
>>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>>
>>>>>>> Yet the file is there:
>>>>>>>
>>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>>>
>>>>>>> And the config is there as well:
>>>>>>>
>>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>>>> ssl_dh = </etc/dovecot/dh.pem
>>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> thunderstorm dovecot #
>>>>>>>
>>>>>>> It appears that this warning is being triggered by the presence of
>>>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>>>> about this file being removed if it is not required because at the
>>>>>>> moment the warning message is not related to the trigger.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Reuben
>>>> Thanks,
>>>> Reuben
>>> It is triggered when there is ssl-parameters.dat file *AND* there is
>>> no ssl_dh=< explicitly set in config file.
>>>
>>> Aki
>>
>> I have this already in my 10-ssl.conf file:
>>
>> lightning dovecot # /etc/init.d/dovecot reload
>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>> doveconf: Warning: You can generate it with: dd
>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>> -inform der > /etc/dovecot/dh.pem
>> * Reloading dovecot configs and restarting auth/login processes
>> ... [ ok ]
>> lightning dovecot #
>>
>> However:
>>
>> lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
>> # gives on startup when ssl_dh is unset.
>> ssl_dh=</etc/dovecot/dh.pem
>> lightning dovecot #
>>
>> and the file is there:
>>
>> lightning dovecot # ls -la /etc/dovecot/dh.pem
>> -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
>> lightning dovecot #
>>
>> So it is actually configured and yet the warning still is present.
>>
>> Reuben
>
> Hi!
>
> I gave this a try, and I was not able to repeat this issue. Perhaps you
> are still missing ssl_dh somewhere?
>
> Aki
>

Hello

Just a guess, but at this point I would recommend reviewing the output of
"doveconf -n" to make sure the appropriate settings are present.

br,
Teemu