Tuomi, Aki
2018-Nov-13 05:06 UTC
New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
Actually you need to use ssl_dh=</usr/local/etc/dovecot/dh.pemNote the <Aki -------- Original message --------From: "Michael A. Peters" <mpeters at domblogger.net> Date: 13/11/2018 05:44 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters" tryopenssl dhparam -out /usr/local/etc/dovecot/dh.pem 2048On 11/12/2018 07:28 PM, James Brown wrote:> I?m setting up Dovecot using Homebrew on a new server and am getting > this when I try to login via IMAP:> > Nov 13 14:13:35 auth: Debug: auth client connected (pid=30719)> Nov 13 14:13:35 imap-login: Info: Aborted login (no auth attempts in 0 > secs): user=<>, rip=::1, lip=::1, secured, > session=<gM0HNIN6HtoAAAAAAAAAAAAAAAAAAAAB>> Nov 13 14:18:33 auth: Debug: Loading modules from directory: > /usr/local/Cellar/dovecot/2.3.2.1/lib/dovecot/auth> Nov 13 14:18:33 auth: Debug: Module loaded: > /usr/local/Cellar/dovecot/2.3.2.1/lib/dovecot/auth/lib20_auth_var_expand_crypt.so> Nov 13 14:18:33 auth: Debug: Read auth token secret from > /usr/local/var/run/dovecot/auth-token-secret.dat> Nov 13 14:18:33 auth: Debug: auth client connected (pid=30848)> Nov 13 14:18:33 imap-login: Error: Failed to initialize SSL server > context: Couldn't parse DH parameters: error:0906D06C:PEM > routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>, > rip=::1, lip=::1, secured, session=<q7TJRYN6RdoAAAAAAAAAAAAAAAAAAAAB>> Nov 13 14:18:33 imap-login: Info: Disconnected: TLS initialization > failed. (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, > secured, session=<q7TJRYN6RdoAAAAAAAAAAAAAAAAAAAAB>> > I?ve used:> > Openssl gendh 2048> > And put the output:> > -----BEGIN DH PARAMETERS-----> MIIBCAKCAQEA0IF7kQX32IJFm/5HEVwYf7Be4G9iY86MvLiFLL3wHGqcPT3EMsIv> YSe5XOT0Q7DGXPOZ+DLlJq8KDHxWKNI6j/0ZaRBrF38CWj8Jqxa8pqo9FVSWj45b> JwSLqBSoBIEFWibqSE6L8wlV8xjMsB34xLHduJDNbaBzsooN749CopTkmkuGeXKH> waOEbDzlOq+qHEa4bjx2/e/TnPj0kCrMnfeU4QILo1rJwuN4nY6k7fGwgEDVa2hE> oOrVfJxxxxxxxxxyyyyyuuuixxxxblahblahblahhhkkkkkkkkkkkkXCGsxhlDQO> QmzOhHqPovzbBByO9iR5fu3xbNm9YRxPowIBAg==> -----END DH PARAMETERS??> > Into a file dh.pem and then added> > ssl_dh=/usr/local/etc/dovecot/dh.pem> > To my dovecot.conf file.> > Reloaded Dovecot but still get the same?error.> > Any suggestions?> > macOS 10.13.6, Dovecot 2.3.2.1> > Any suggestions?> > Thanks,> > James. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20181113/1b8a1db9/attachment.html>
James Brown
2018-Nov-13 05:13 UTC
New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
Ah? that?s better! No error now. Thanks Aki.> On 13 Nov 2018, at 4:06 pm, Tuomi, Aki <aki.tuomi at open-xchange.com> wrote: > > Actually you need to use ssl_dh=< > /usr/local/etc/dovecot/dh.pem > > Note the < > > Aki > > -------- Original message -------- > From: "Michael A. Peters" <mpeters at domblogger.net> > Date: 13/11/2018 05:44 (GMT+02:00) > To: dovecot at dovecot.org > Subject: Re: New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters" > > try > > openssl dhparam -out /usr/local/etc/dovecot/dh.pem 2048 > > On 11/12/2018 07:28 PM, James Brown wrote: > > I?m setting up Dovecot using Homebrew on a new server and am getting > > this when I try to login via IMAP: > > > > Nov 13 14:13:35 auth: Debug: auth client connected (pid=30719) > > Nov 13 14:13:35 imap-login: Info: Aborted login (no auth attempts in 0 > > secs): user=<>, rip=::1, lip=::1, secured, > > session=<gM0HNIN6HtoAAAAAAAAAAAAAAAAAAAAB> > > Nov 13 14:18:33 auth: Debug: Loading modules from directory: > > /usr/local/Cellar/dovecot/2.3.2.1/lib/dovecot/auth > > Nov 13 14:18:33 auth: Debug: Module loaded: > > /usr/local/Cellar/dovecot/2.3.2.1/lib/dovecot/auth/lib20_auth_var_expand_crypt.so > > Nov 13 14:18:33 auth: Debug: Read auth token secret from > > /usr/local/var/run/dovecot/auth-token-secret.dat > > Nov 13 14:18:33 auth: Debug: auth client connected (pid=30848) > > Nov 13 14:18:33 imap-login: Error: Failed to initialize SSL server > > context: Couldn't parse DH parameters: error:0906D06C:PEM > > routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>, > > rip=::1, lip=::1, secured, session=<q7TJRYN6RdoAAAAAAAAAAAAAAAAAAAAB> > > Nov 13 14:18:33 imap-login: Info: Disconnected: TLS initialization > > failed. (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, > > secured, session=<q7TJRYN6RdoAAAAAAAAAAAAAAAAAAAAB> > > > > I?ve used: > > > > Openssl gendh 2048 > > > > And put the output: > > > > -----BEGIN DH PARAMETERS----- > > MIIBCAKCAQEA0IF7kQX32IJFm/5HEVwYf7Be4G9iY86MvLiFLL3wHGqcPT3EMsIv > > YSe5XOT0Q7DGXPOZ+DLlJq8KDHxWKNI6j/0ZaRBrF38CWj8Jqxa8pqo9FVSWj45b > > JwSLqBSoBIEFWibqSE6L8wlV8xjMsB34xLHduJDNbaBzsooN749CopTkmkuGeXKH > > waOEbDzlOq+qHEa4bjx2/e/TnPj0kCrMnfeU4QILo1rJwuN4nY6k7fGwgEDVa2hE > > oOrVfJxxxxxxxxxyyyyyuuuixxxxblahblahblahhhkkkkkkkkkkkkXCGsxhlDQO > > QmzOhHqPovzbBByO9iR5fu3xbNm9YRxPowIBAg=> > -----END DH PARAMETERS?? > > > > Into a file dh.pem and then added > > > > ssl_dh=/usr/local/etc/dovecot/dh.pem > > > > To my dovecot.conf file. > > > > Reloaded Dovecot but still get the same error. > > > > Any suggestions? > > > > macOS 10.13.6, Dovecot 2.3.2.1 > > > > Any suggestions? > > > > Thanks, > > > > James. >
Apparently Analagous Threads
- New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
- New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
- [Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
- [Bug 2303] New: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX
- [Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group