Hi again,

Chasing down one last problem which seems to have been missed from my last email:

On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>
>
> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net>
>>> wrote:

This problem below is still present in 2.3 -git, as of version 2.3.devel (6fc40674e)

>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>
>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>> doveconf: Warning: You can generate it with: dd
>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>> -inform der > /etc/dovecot/dh.pem
>>>
>>> Yet the file is there:
>>>
>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>
>>> And the config is there as well:
>>>
>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>> ssl_dh = </etc/dovecot/dh.pem
>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>> doveconf: Warning: You can generate it with: dd
>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>> -inform der > /etc/dovecot/dh.pem
>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>> thunderstorm dovecot #
>>>
>>> It appears that this warning is being triggered by the presence of
>>> the ssl-parameters.dat file because when I remove it the warning
>>> goes away. Perhaps the warning could be made a bit more specific
>>> about this file being removed if it is not required because at the
>>> moment the warning message is not related to the trigger.
>>>
>>> Thanks,
>>> Reuben
>

Thanks,
Reuben

> On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot at reub.net> wrote:
>
>
> Hi again,
>
> Chasing down one last problem which seems to have been missed from my
> last email:
>
> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
> >
> >
> > On 20-10-2017 at 4:23, Reuben Farrelly wrote:
> >> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
> >>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net>
> >>> wrote:
>
> This problem below is still present in 2.3 -git, as of version 2.3.devel
> (6fc40674e)
>
> >>> Secondly, this ssl_dh message is always printed from doveconf:
> >>>
> >>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> >>> doveconf: Warning: You can generate it with: dd
> >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
> >>> -inform der > /etc/dovecot/dh.pem
> >>>
> >>> Yet the file is there:
> >>>
> >>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
> >>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
> >>>
> >>> And the config is there as well:
> >>>
> >>> thunderstorm dovecot # doveconf -P | grep ssl_dh
> >>> ssl_dh = </etc/dovecot/dh.pem
> >>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> >>> doveconf: Warning: You can generate it with: dd
> >>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
> >>> -inform der > /etc/dovecot/dh.pem
> >>>   ssl_dh = -----BEGIN DH PARAMETERS-----
> >>>   ssl_dh = -----BEGIN DH PARAMETERS-----
> >>>   ssl_dh = -----BEGIN DH PARAMETERS-----
> >>>   ssl_dh = -----BEGIN DH PARAMETERS-----
> >>>   ssl_dh = -----BEGIN DH PARAMETERS-----
> >>>   ssl_dh = -----BEGIN DH PARAMETERS-----
> >>>   ssl_dh = -----BEGIN DH PARAMETERS-----
> >>>   ssl_dh = -----BEGIN DH PARAMETERS-----
> >>> thunderstorm dovecot #
> >>>
> >>> It appears that this warning is being triggered by the presence of
> >>> the ssl-parameters.dat file because when I remove it the warning
> >>> goes away. Perhaps the warning could be made a bit more specific
> >>> about this file being removed if it is not required because at the
> >>> moment the warning message is not related to the trigger.
> >>>
> >>> Thanks,
> >>> Reuben
> >
>
> Thanks,
> Reuben

It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file.

Aki

Hi Aki,

On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>> On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot at reub.net> wrote:
>>
>>
>> Hi again,
>>
>> Chasing down one last problem which seems to have been missed from my
>> last email:
>>
>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>
>>> On 20-10-2017 at 4:23, Reuben Farrelly wrote:
>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net>
>>>>> wrote:
>> This problem below is still present in 2.3 -git, as of version 2.3.devel
>> (6fc40674e)
>>
>>>>> Secondly, this ssl_dh message is always printed from doveconf:
>>>>>
>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>> doveconf: Warning: You can generate it with: dd
>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>
>>>>> Yet the file is there:
>>>>>
>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>
>>>>> And the config is there as well:
>>>>>
>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>> ssl_dh = </etc/dovecot/dh.pem
>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>> doveconf: Warning: You can generate it with: dd
>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>   ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>> thunderstorm dovecot #
>>>>>
>>>>> It appears that this warning is being triggered by the presence of
>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>> about this file being removed if it is not required because at the
>>>>> moment the warning message is not related to the trigger.
>>>>>
>>>>> Thanks,
>>>>> Reuben
>> Thanks,
>> Reuben
> It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file.
>
> Aki

I have this already in my 10-ssl.conf file:

lightning dovecot # /etc/init.d/dovecot reload
doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem
 * Reloading dovecot configs and restarting auth/login processes ... [ ok ]
lightning dovecot #

However:

lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
# gives on startup when ssl_dh is unset.
ssl_dh=</etc/dovecot/dh.pem
lightning dovecot #

and the file is there:

lightning dovecot # ls -la /etc/dovecot/dh.pem
-rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
lightning dovecot #

So it is actually configured and yet the warning still is present.

Reuben
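
Added example, not part of the thread and not Dovecot's own code: a shell helper that classifies a host against the trigger condition stated in the reply above (legacy ssl-parameters.dat present and no explicit ssl_dh), so a report can say which state applies. It assumes settings appear as plain `ssl_dh = <path` lines under the given directory; the function name and state labels are hypothetical, and the grep is an approximation, not Dovecot's config parser.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Dovecot code).
# Usage: dh_warning_state CONF_DIR LEGACY_PARAMS_FILE
# Prints the host's state relative to the condition stated in the thread.
dh_warning_state() {
    conf_dir=$1
    legacy=$2

    # Without the legacy file the stated trigger cannot apply.
    if [ ! -e "$legacy" ]; then
        echo "no-legacy-file"
        return 0
    fi

    # Take the last uncommented ssl_dh assignment found; a comment that only
    # mentions ssl_dh (as in the grep output in the thread) must not count.
    setting=$(grep -rhE '^[[:space:]]*ssl_dh[[:space:]]*=' "$conf_dir" 2>/dev/null | tail -n 1)
    if [ -z "$setting" ]; then
        echo "legacy-file-and-ssl_dh-unset"   # the stated trigger
        return 0
    fi

    # Keep only the value, then require the "<file" form used in the thread.
    value=$(printf '%s\n' "$setting" | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//')
    case $value in
        '<'*) path=${value#?} ;;
        *)    echo "ssl_dh-set-but-unusable"; return 0 ;;
    esac

    # Cheap sanity check: readable and carries the PEM header doveconf -P shows.
    if [ -r "$path" ] && grep -qF -e '-----BEGIN DH PARAMETERS-----' "$path"; then
        echo "legacy-file-but-ssl_dh-set"     # the state reported in the last message
    else
        echo "ssl_dh-set-but-unusable"
    fi
}

# Run against real paths only when both are given on the command line.
if [ "$#" -eq 2 ]; then
    dh_warning_state "$1" "$2"
fi
```

A stricter check of the parameter file itself is `openssl dhparam -in FILE -check -noout`.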