similar to: ssl_dh required, even though DH is disabled.

Displaying 20 results from an estimated 400 matches similar to: "ssl_dh required, even though DH is disabled."

2018 Jul 16
1
ssl_dh required, even though DH is disabled.
Here's my config: # 2.3.2 (582970113): /etc/dovecot/dovecot.conf # OS: Linux 4.17.5-1-ARCH x86_64 Arch Linux # Hostname: vault passdb { driver = pam } protocols = imap service imap-login { inet_listener imap { port = 0 } } ssl = required ssl_cert = </etc/letsencrypt/live/myhostname.com/fullchain.pem ssl_cipher_list =
2019 Mar 16
0
ssl_dh
ssl_dh is required from 2.3.0-2.3.2. From 2.3.3 onwards it's optional. You can rm the ssl-parameters.dat file to get rid of that warning. Aki
2019 Mar 16
2
ssl_dh
I'm subscribed, please reply to list directly. > ssl_dh is required from 2.3.0-2.3.2. From 2.3.3 onwards its optional. > You can rm the ssl-parameters.dat file to get rid of that warning. I have no ssl-parameters.dat file. -- sergio.
2019 Mar 16
0
ssl_dh
On Sat, Mar 16, 2019, at 11:12 PM, sergio via dovecot wrote: > I'm subscribed, please reply to list directly. > > > ssl_dh is required from 2.3.0-2.3.2. From 2.3.3 onwards its optional. > > You can rm the ssl-parameters.dat file to get rid of that warning. > > I have no ssl-parameters.dat file. Did you check /var/lib/dovecot ? -- K
2019 May 27
1
ssl_dh
Does ssl_dh need to be manually updated each time the underlying certificate renews? -- 2+2=5 for sufficiently large values of 2.
2019 Mar 16
3
ssl_dh
https://wiki.dovecot.org/SSL/DovecotConfiguration says: "Since v2.3.3+ Diffie-Hellman parameters have been made optional, and you are encouraged to disable non-ECC DH algorithms completely." and a bit later: "From version 2.3, you must specify path to DH parameters file using ssl_dh=</path/to/dh.pem" So. 1. Is ssl_dh an optional or a must? 2. I've disabled ssl_dh
2015 Jun 02
1
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
https://bugzilla.mindrot.org/show_bug.cgi?id=2302 --- Comment #13 from Darren Tucker <dtucker at zip.com.au> --- (In reply to Christoph Anton Mitterer from comment #10) [...] > Even though an attacker cannot (AFAIU??) for a connection to > downgrade to the weaker groups, The server's DH-GEX exchange hash includes the DH group sizes it received from the client. If these are
2014 Oct 28
1
[Bug 2303] New: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX
https://bugzilla.mindrot.org/show_bug.cgi?id=2303 Bug ID: 2303 Summary: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5
2015 May 26
1
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
https://bugzilla.mindrot.org/show_bug.cgi?id=2302 --- Comment #4 from Damien Miller <djm at mindrot.org> --- Comment on attachment 2630 --> https://bugzilla.mindrot.org/attachment.cgi?id=2630 Make the DH-GEX fallback group 4k bit. Where did this group come from? IMO it would be best to use one of the standard groups if we're picking another fixed one - logjam attacks aren't
2015 Jun 12
2
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
On Fri 2015-06-12 01:52:54 -0400, Mark D. Baushke wrote: > I have communicated with Allen Roginsky on this topic and I have been given permission to post his response. > > In this message below, the 'vendor' was Darren Tucker's generated prime > that used a generator value of 5. > > -- Mark > > From: "Roginsky, Allen" <allen.roginsky at
2004 Jan 03
2
one more thing i forgot...
there is one more thing that you should probably see: this is the error message that cygrunsrv.exe gave me: Eric at ballistic ~ $ cygrunsrv --start sshd cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: The service has not been started. this is the error message that "net" gave to me: Eric at ballistic ~ $ net start sshd The CYGWIN sshd service is starting.
2015 May 27
4
[Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group
On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote: > On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote: > > Hi Folks, > > > > The generator value of 5 does not lead to a q-ordered subgroup which > > is needed to pass tests in > > > > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf > > I
2002 Sep 11
1
Silly question on DH key exch in ssh
hello, I'm also developing a ssh application in java and I also got stuck with DH-Key Exchange. I just get to the SSH_MSG_KEXDH_REPLY from the server. But what is he expecting me to send then, as far as I understand the Transport Layer Protocol I should send the SSH_MSG_NEWKEYS message, but that doesn't work. Does anyone know what to send then? (the hint from Markus Friedl with kexdh.c
2006 Feb 20
1
the EXTRAVERSION problem in dh-kpatches...
... is actually old & very well known by the maintainer! there is a bug report for exactly this that is 3 years and 124 days old! http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=165505 I can also add my report to this bug and mention that we need a fixed version for our xen packages, but as it looks for me (at the moment) the maintainer is not really interested in getting this
2003 May 15
1
[Bug 567] ssh-keygen: DH parameter generation failed
http://bugzilla.mindrot.org/show_bug.cgi?id=567 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|critical |major Component|Build system |ssh-keygen Summary|pb at the end of compil with|ssh-keygen: DH parameter
2013 May 31
0
DH group selection for SHA2-512 bit HMAC.
Hi. I've got the following problem with our SSH client library: - client connects to OpenSSH 5.9+ server and they choose hmac-sha2-512 with diffie-hellman-group-exchange-sha256. - client sends MSG_KEX_DH_GEX_REQUEST DH group request with parameters (1024, 1024, 8192). I.e. minimum and preferred group size is 1024-bit, - OpenSSH server in kexgexs.c:kexgex_server processes this message and
2013 Oct 03
0
DH modulus size
With the default openssh configuration, the selected cipher is aes128-ctr. This means that dh_estimate gets called with bits=128, so dh_estimate selects a DH modulus size of 1024 bits. This seems questionable. Since the NSA seems to be sniffing most internet traffic, keeping SSH sessions secure against after-the-fact offline attack matters, and 1024-bit DH is not convincingly secure against
2013 Sep 10
1
DH Parameter
Hi! Is there any possibility to let dovecot serve >1024 Bit DH Parameters at SSL/TLS-connections? Is it possible to replace /var/lib/dovecot/ssl-parameters.ssl with DH-parameter generated by openssl? If not: Are there any plans to implement that? Thank you!
2013 Oct 14
1
DH parameter length too small?
Hello, from my understanding, using 1024bit DH parameters results in a not sufficiently secure key exchange for DH(E). Therefore I think it would be advisable to have parameters of at least 2048bit. In fact, I would see a great benefit in choosing parameter length arbitrarily. I also do not see the benefit of parameter regeneration. What were the design goals here? Thanks, J?rg L?bbert
2018 Feb 19
2
lmtp: Couldn't parse DH parameters
I'm using SSL for dovecot, and dovecot kindly warned me on startup that I needed the ssl_dh parameter, which I specified: # grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf ssl_dh = </etc/dovecot/dh.pem And I generated the file, as specified in the comment: # openssl dhparam -out /etc/dovecot/dh.pem 4096 The file contains the appropriate headers: # grep -P '^\-'