Displaying 20 results from an estimated 1000 matches similar to: "ssl_dh required, even though DH is disabled."
2018 Aug 03
0
ssl_dh required, even though DH is disabled.
Hi!
This change has now been committed, please find it at
https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch
Aki
On 16.07.2018 09:53, Aki Tuomi wrote:
> This is a known issue, but thanks for reporting it.
>
>
>
> ---
> Aki Tuomi
> Dovecot oy
>
> -------- Original message --------
> From: Eric Toombs <ewtoombs at uwaterloo.ca>
> Date:
New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
2018 Nov 13
3
New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
I?m setting up Dovecot using Homebrew on a new server and am getting this when I try to login via IMAP:
Nov 13 14:13:35 auth: Debug: auth client connected (pid=30719)
Nov 13 14:13:35 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<gM0HNIN6HtoAAAAAAAAAAAAAAAAAAAAB>
Nov 13 14:18:33 auth: Debug: Loading modules from directory:
New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
2018 Nov 13
1
New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
Actually you need to use ssl_dh=</usr/local/etc/dovecot/dh.pemNote the <Aki
-------- Original message --------From: "Michael A. Peters" <mpeters at domblogger.net> Date: 13/11/2018 05:44 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters" tryopenssl dhparam
2004 Jan 03
2
one more thing i forgot...
there is one more thing that you should probably see:
this is the error message that cygrunsrv.exe gave me:
Eric at ballistic ~
$ cygrunsrv --start sshd
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.
this is the error message that "net" gave to me:
Eric at ballistic ~
$ net start sshd
The CYGWIN sshd service is starting.
2018 Feb 19
2
lmtp: Couldn't parse DH parameters
I'm using SSL for dovecot, and dovecot kindly warned me on startup that I
needed the ssl_dh parameter, which I specified:
# grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf
ssl_dh = </etc/dovecot/dh.pem
And I generated the file, as specified in the comment:
# openssl dhparam -out /etc/dovecot/dh.pem 4096
The file contains the appropriate headers:
# grep -P '^\-'
New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
2018 Nov 13
0
New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
try
openssl dhparam -out /usr/local/etc/dovecot/dh.pem 2048
On 11/12/2018 07:28 PM, James Brown wrote:
> I?m setting up Dovecot using Homebrew on a new server and am getting
> this when I try to login via IMAP:
>
> Nov 13 14:13:35 auth: Debug: auth client connected (pid=30719)
> Nov 13 14:13:35 imap-login: Info: Aborted login (no auth attempts in 0
> secs): user=<>,
2018 Jan 06
2
TLS problem after upgrading from v2.2 to v2.3
Thanks for your reply; I used the defaults, both before and after the
upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default
changes. The new defaults broke the connection.
Jan
> what are your settings?
>
> Mine are below and they work just fine:
>
> ssl_cipher_list =
>
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi,
To default dovecot.conf file I added (based on found documentation):
ssl = required
disable_plaintext_auth = yes #change default 'no' to 'yes'
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_dh_parameters_length = 2048
ssl_cipher_list =
2018 Jan 08
1
TLS problem after upgrading from v2.2 to v2.3
Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes:
>> Mine are below and they work just fine:
>>
>> ssl_cipher_list =
>>
2017 Mar 20
1
Deploying Diffie-Hellman for TLS
I have been reading up on TLS and Dovecot and came across this URL:
https://www.weakdh.org/sysadmin.html which recommended these settings
for Dovecot. I would like to know if they are correct? Some much
documentation on the web is pure garbage.
Dovecot
These changes should be made in /etc/dovecot.conf
Cipher Suites
2017 Apr 27
2
confused with ssl settings and some error - need help
Thank You for answers. But:
1. How should be properly configured ssl_cipher_list?
2. Ok, removed !TLSv1 !TLSv1.1.
3. Strange thing with ssl_protocols and ssl_cipher_list, because on older
server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two
lines looks exactly this same and no errors in mail.err file and mailes
works without any problem.
4. No, currently I don't use LMTP.
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote:
> On 09-03-16 13:14, djk wrote:
>> On 09/03/16 10:44, Florent B wrote:
>>> Hi,
>>>
>>> I don't see any SSL configuration option in Dovecot to disable
>>> "Client-initiated secure renegotiation".
>>>
>>> It is advised to disable it as it can
2020 Jun 12
1
Read-flag of mails don't update
Am 11.06.20 um 18:08 schrieb @lbutlr:
> On 10 Jun 2020, at 23:19, @lbutlr <kremels at kreme.com> wrote:
>> On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote:
>>> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.
>>
>> Apologies, I did not see the attachments. Will
2020 Jan 23
3
PJSIP and Grandstream Wave with TSL and SRTP
On Thursday, January 23, 2020 11:31:46 PM CET Sean Bright wrote:
> On 1/21/2020 9:18 PM, hw wrote:
> > [transport-tls]
> > type = transport
> > protocol = tls
> > bind = 0.0.0.0:5061
> > tos = cs5
> > cert_file = /etc/asterisk/cert/asterisk.pem
> > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt
> > method = sslv23
>
> This is what mine
2018 May 09
1
possible to disable dh_key/ssl-parameters.dat generation when only using ECDHE ciphers.
Hi,
I want to disable dh_key/ssl-parameters.dat entirely since i'm only using
ECDHE ciphers.
> # 2.2.34 (874deae): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
# Hostname: somehost.com
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars =
2017 Aug 23
3
socketpair failed: Too many open files on Debian 9
Hi @all,
after re-installing one of my two frontends/proxy-servers I get the
following error messages after some time (sometimes after 1h, sometimes
after 24h):
11:23:55 imap-login: Error: socketpair() failed: Too many open files
11:23:55 imap-login: Error: socketpair() failed: Too many open files
11:23:56 imap-login: Error: socketpair() failed: Too many open files
11:23:56 imap-login: Error:
2017 Aug 23
2
socketpair failed: Too many open files on Debian 9
I haven't done this on the old, working machine.
So there must be a difference between Debian 7 and 9 how open files are
handled?
Regards
Patrick
Aki Tuomi schrieb:
> You probably need to increase ulimit -n
>
> Aki
>
>
> On 23.08.2017 14:10, Patrick Westenberg wrote:
>> Hi @all,
>>
>> after re-installing one of my two frontends/proxy-servers I get
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
I've
dovecot --version
2.3.10.1 (a3d0e1171)
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
, atm on Fedora32.
I configure
/etc/pki/tls/openssl.cnf
to set preferences for apps' usage, e.g. Postfix etc; Typically, here
cat /etc/pki/tls/openssl.cnf
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
2020 Jun 24
2
SSL-Question
Hello!
I edit .pem file and now is the same as you specifie, but not work.
Error.log display:
[2020-06-24 12:54:54] INFO main/main.c Icecast 2.4.4 server started
[2020-06-24 12:54:54] DBUG yp/yp.c Updating YP configuration
[2020-06-24 12:54:54] INFO yp/yp.c YP update thread started
[2020-06-24 12:54:55] INFO connection/connection.c SSL certificate found
at icecast.pem
[2020-06-24 12:54:55]
2018 Sep 07
1
Auth process sometimes stop responding after upgrade
Hi all;
I've upgraded a ring of dovecot directors from 2.2.15 to 2.2.36. After the
upgrade I've got some instability: a few time per day per server, seemly at
random, the auth process stop responding and the clients cannot authenticate
any more:
Sep 6 14:45:51 imap-front13 dovecot: pop3-login: Warning: Auth process not
responding, delayed sending initial response (greeting):