Hi Aki, On 30/10/2017 12:43 AM, Aki Tuomi wrote:>> On October 29, 2017 at 1:55 PM Reuben Farrelly <reuben-dovecot at reub.net> wrote: >> >> >> Hi again, >> >> Chasing down one last problem which seems to have been missed from my >> last email: >> >> On 20/10/2017 9:22 PM, Stephan Bosch wrote: >>> >>> Op 20-10-2017 om 4:23 schreef Reuben Farrelly: >>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote: >>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net> >>>>> wrote: >> This problem below is still present in 2.3 -git, as of version 2.3.devel >> (6fc40674e) >> >>>>> Secondly, this ssl_dh messages is always printed from doveconf: >>>>> >>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem >>>>> doveconf: Warning: You can generate it with: dd >>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>>>> -inform der > /etc/dovecot/dh.pem >>>>> >>>>> Yet the file is there: >>>>> >>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem >>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem >>>>> >>>>> And the config is there as well: >>>>> >>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh >>>>> ssl_dh = </etc/dovecot/dh.pem >>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem >>>>> doveconf: Warning: You can generate it with: dd >>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>>>> -inform der > /etc/dovecot/dh.pem >>>>> ? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>> ? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>> ? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>> ? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>> ? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>> ? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>> ? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>> ? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>> thunderstorm dovecot # >>>>> >>>>> It appears that this warning is being triggered by the presence of >>>>> the ssl-parameters.dat file because when I remove it the warning >>>>> goes away. Perhaps the warning could be made a bit more specific >>>>> about this file being removed if it is not required because at the >>>>> moment the warning message is not related to the trigger. >>>>> >>>>> Thanks, >>>>> Reuben >> Thanks, >> Reuben > It is triggered when there is ssl-parameters.dat file *AND* there is no ssl_dh=< explicitly set in config file. > > AkiI have this already in my 10-ssl.conf file: lightning dovecot # /etc/init.d/dovecot reload doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh -inform der > /etc/dovecot/dh.pem ?* Reloading dovecot configs and restarting auth/login processes ...????? [ ok ] lightning dovecot # However: lightning dovecot # grep ssl_dh conf.d/10-ssl.conf # gives on startup when ssl_dh is unset. ssl_dh=</etc/dovecot/dh.pem lightning dovecot # and the file is there: lightning dovecot # ls -la /etc/dovecot/dh.pem -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem lightning dovecot # So it is actually configured and yet the warning still is present. Reuben
On 30.10.2017 00:23, Reuben Farrelly wrote:> Hi Aki, > > On 30/10/2017 12:43 AM, Aki Tuomi wrote: >>> On October 29, 2017 at 1:55 PM Reuben Farrelly >>> <reuben-dovecot at reub.net> wrote: >>> >>> >>> Hi again, >>> >>> Chasing down one last problem which seems to have been missed from my >>> last email: >>> >>> On 20/10/2017 9:22 PM, Stephan Bosch wrote: >>>> >>>> Op 20-10-2017 om 4:23 schreef Reuben Farrelly: >>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote: >>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net> >>>>>> wrote: >>> This problem below is still present in 2.3 -git, as of version >>> 2.3.devel >>> (6fc40674e) >>> >>>>>> Secondly, this ssl_dh messages is always printed from doveconf: >>>>>> >>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem >>>>>> doveconf: Warning: You can generate it with: dd >>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>>>>> -inform der > /etc/dovecot/dh.pem >>>>>> >>>>>> Yet the file is there: >>>>>> >>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem >>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem >>>>>> >>>>>> And the config is there as well: >>>>>> >>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh >>>>>> ssl_dh = </etc/dovecot/dh.pem >>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem >>>>>> doveconf: Warning: You can generate it with: dd >>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>>>>> -inform der > /etc/dovecot/dh.pem >>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>> thunderstorm dovecot # >>>>>> >>>>>> It appears that this warning is being triggered by the presence of >>>>>> the ssl-parameters.dat file because when I remove it the warning >>>>>> goes away. Perhaps the warning could be made a bit more specific >>>>>> about this file being removed if it is not required because at the >>>>>> moment the warning message is not related to the trigger. >>>>>> >>>>>> Thanks, >>>>>> Reuben >>> Thanks, >>> Reuben >> It is triggered when there is ssl-parameters.dat file *AND* there is >> no ssl_dh=< explicitly set in config file. >> >> Aki > > I have this already in my 10-ssl.conf file: > > lightning dovecot # /etc/init.d/dovecot reload > doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem > doveconf: Warning: You can generate it with: dd > if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh > -inform der > /etc/dovecot/dh.pem > ?* Reloading dovecot configs and restarting auth/login processes > ...????? [ ok ] > lightning dovecot # > > However: > > lightning dovecot # grep ssl_dh conf.d/10-ssl.conf > # gives on startup when ssl_dh is unset. > ssl_dh=</etc/dovecot/dh.pem > lightning dovecot # > > and the file is there: > > lightning dovecot # ls -la /etc/dovecot/dh.pem > -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem > lightning dovecot # > > So it is actually configured and yet the warning still is present. > > ReubenHi! I gave this a try, and I was not able to repeat this issue. Perhaps you are still missing ssl_dh somewhere? Aki
On 30.10.2017 09:10, Aki Tuomi wrote:> > > On 30.10.2017 00:23, Reuben Farrelly wrote: >> Hi Aki, >> >> On 30/10/2017 12:43 AM, Aki Tuomi wrote: >>>> On October 29, 2017 at 1:55 PM Reuben Farrelly >>>> <reuben-dovecot at reub.net> wrote: >>>> >>>> >>>> Hi again, >>>> >>>> Chasing down one last problem which seems to have been missed from my >>>> last email: >>>> >>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote: >>>>> >>>>> Op 20-10-2017 om 4:23 schreef Reuben Farrelly: >>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote: >>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net> >>>>>>> wrote: >>>> This problem below is still present in 2.3 -git, as of version >>>> 2.3.devel >>>> (6fc40674e) >>>> >>>>>>> Secondly, this ssl_dh messages is always printed from doveconf: >>>>>>> >>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem >>>>>>> doveconf: Warning: You can generate it with: dd >>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>>>>>> -inform der > /etc/dovecot/dh.pem >>>>>>> >>>>>>> Yet the file is there: >>>>>>> >>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem >>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem >>>>>>> >>>>>>> And the config is there as well: >>>>>>> >>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh >>>>>>> ssl_dh = </etc/dovecot/dh.pem >>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem >>>>>>> doveconf: Warning: You can generate it with: dd >>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >>>>>>> -inform der > /etc/dovecot/dh.pem >>>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>>> ?? ssl_dh = -----BEGIN DH PARAMETERS----- >>>>>>> thunderstorm dovecot # >>>>>>> >>>>>>> It appears that this warning is being triggered by the presence of >>>>>>> the ssl-parameters.dat file because when I remove it the warning >>>>>>> goes away. Perhaps the warning could be made a bit more specific >>>>>>> about this file being removed if it is not required because at the >>>>>>> moment the warning message is not related to the trigger. >>>>>>> >>>>>>> Thanks, >>>>>>> Reuben >>>> Thanks, >>>> Reuben >>> It is triggered when there is ssl-parameters.dat file *AND* there is >>> no ssl_dh=< explicitly set in config file. >>> >>> Aki >> >> I have this already in my 10-ssl.conf file: >> >> lightning dovecot # /etc/init.d/dovecot reload >> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem >> doveconf: Warning: You can generate it with: dd >> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh >> -inform der > /etc/dovecot/dh.pem >> ?* Reloading dovecot configs and restarting auth/login processes >> ...????? [ ok ] >> lightning dovecot # >> >> However: >> >> lightning dovecot # grep ssl_dh conf.d/10-ssl.conf >> # gives on startup when ssl_dh is unset. >> ssl_dh=</etc/dovecot/dh.pem >> lightning dovecot # >> >> and the file is there: >> >> lightning dovecot # ls -la /etc/dovecot/dh.pem >> -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem >> lightning dovecot # >> >> So it is actually configured and yet the warning still is present. >> >> Reuben > > Hi! > > I gave this a try, and I was not able to repeat this issue. Perhaps you > are still missing ssl_dh somewhere? > > Aki >Hello Just a guess, but at this point I would recommend reviewing the output of "doveconf -n" to make sure the appropriate settings are present. br, Teemu
Seemingly Similar Threads
- dovecot-2.3 (-git) Warning and Fatal Compile Error
- dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)
- dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)
- dovecot-2.3 (-git) Warning and Fatal Compile Error
- dovecot-2.3 (-git) Warning (Was Re: dovecot Digest, Vol 174, Issue 64)