J. Sommersberg
2021-Apr-27 15:02 UTC
How to omit the DH parameter in v2.3.3+ ( as stated in 'Upgrading Dovecot v2.2 to v2.3' )
Hi,

I just finished tuning my dovecot setup after upgrading to 2.3.7.2.
I needed to add the "ssl_dh =" parameter to my config as stated in the online docs at dovecot.org.
That was no problem and is well documented there, and the hint in the log on startup also helped to quickly identify the problem.

After that I was curious and read more and did a lot of research.
But I just could not find out how to "omit" the DH parameter as stated in the online docs:
https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/

It says:
"Since v2.3.3+ DH parameter usage is optional and can be omitted."

I tried it in different ways.
First I disallowed DH on the ssl_cipher_list like it was suggested in the example in this doc.
But it will still give errors on startup/reload of dovecot.

Next I tried
ssl_dh =
that also did not work.

I could not figure out how to "omit" the DH parameter.

Is it just my misinterpretation of the config doc?

Thanks for clarifying

Best regards

joerg
Aki Tuomi
2021-Apr-27 16:08 UTC
How to omit the DH parameter in v2.3.3+ ( as stated in 'Upgrading Dovecot v2.2 to v2.3' )
> On 27/04/2021 18:02 J. Sommersberg <not1long at gmx.de> wrote:
>
> Hi,
>
> I just finished tuning my dovecot setup after upgrading to 2.3.7.2.
> I needed to add the "ssl_dh =" parameter to my config as stated in the online docs at dovecot.org (http://dovecot.org).
> That was no problem and is well documented there, and the hint in the log on startup also helped to quickly identify the problem.
>
> After that I was curious and read more and did a lot of research.
> But I just could not find out how to "omit" the DH parameter as stated in the online docs:
> https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/
>
> It says:
> "Since v2.3.3+ DH parameter usage is optional and can be omitted."
>
> I tried it in different ways.
> First I disallowed DH on the ssl_cipher_list like it was suggested in the example in this doc.
> But it will still give errors on startup/reload of dovecot.
>
> Next I tried
> ssl_dh
> that also did not work.
>
> I could not figure out how to "omit" the DH parameter.
>
> Is it just my misinterpretation of the config doc?
>
> Thanks for clarifying
>
> Best regards
>
> joerg

Hi!

Can you share the errors you receive? You can simply leave the setting out and not set it. Remember to remove /var/lib/dovecot/ssl-params.dat too.

Aki