similar to: creation of ssl-parameters fails

> On 19 August 2018 at 20:55 Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > > On 19 August 2018 at 19:38 Kai Schaetzl <maillists at conactive.com> wrote: > > > > > > Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300: > > > > > Just generate new parameters on some machine with good entropy source. > > > > So, if

I did that the last time one year ago, now on another machine with the same software (Ubuntu 16.04) it fails. openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem last command fails with 681+0 records in 681+0 records out 681 bytes copied, 0,00278343 s, 245 kB/s unable to load

> On 19 August 2018 at 19:38 Kai Schaetzl <maillists at conactive.com> wrote: > > > Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300: > > > Just generate new parameters on some machine with good entropy source. > > So, if it fails to transform (although bigger) the machine hasn't enough > entropy (because it's quite new?)? I'm generating now

hi sorry if question was asked already. Was reading https://wiki2.dovecot.org/Upgrading/2.3 first I'm confused on diffie hellman parameters file. I never set up ssl-parameters.dat before (should i have? do I have one that was automatically made for me by dovecot?) Do I need to make a fresh dh.pem? The upgrade doc tells how to convert ssl-parameters.dat but how to make a new one? other

I?m setting up Dovecot using Homebrew on a new server and am getting this when I try to login via IMAP: Nov 13 14:13:35 auth: Debug: auth client connected (pid=30719) Nov 13 14:13:35 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<gM0HNIN6HtoAAAAAAAAAAAAAAAAAAAAB> Nov 13 14:18:33 auth: Debug: Loading modules from directory:

Am 2017-12-12 um 09:56 schrieb Aki Tuomi: > > > On 12.12.2017 02:59, Jakob Sch?rz wrote: >> Hi! [...] > > With v2.3 you are required to provide ssl_dh=</path/to/dh.pem yourself. > > You can generate suitable parameters with openssl gendh 2048 (or 4096). > Make sure you run it on something that has plenty of entropy available, > it will take some time.

Actually you need to use ssl_dh=</usr/local/etc/dovecot/dh.pemNote the <Aki -------- Original message --------From: "Michael A. Peters" <mpeters at domblogger.net> Date: 13/11/2018 05:44 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters" tryopenssl dhparam

On 05/26/2017 08:35 PM, Leon Fauster wrote: >> Am 27.05.2017 um 01:09 schrieb Robert Moskowitz <rgm at htt-consult.com>: >> >> I am use to low random entropy on my arm boards, not an intel. >> >> On my Lenovo x120e, >> >> cat /proc/sys/kernel/random/entropy_avail >> >> reports 3190 bits of entropy. >> >> On my armv7 with

I am use to low random entropy on my arm boards, not an intel. On my Lenovo x120e, cat /proc/sys/kernel/random/entropy_avail reports 3190 bits of entropy. On my armv7 with Centos7 I would get 130 unless I installed rng-tools and then I get ~1300. SSH into one and it drops back to 30! for a few minutes. Sigh. Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am seeing 180.

On 05/28/2017 04:24 AM, Tony Mountifield wrote: > In article <792718e8-f403-1dea-367d-977b157af82c at htt-consult.com>, > Robert Moskowitz <rgm at htt-consult.com> wrote: >> >> On 05/26/2017 08:35 PM, Leon Fauster wrote: >>>> Am 27.05.2017 um 01:09 schrieb Robert Moskowitz <rgm at htt-consult.com>: >>>> >>>> I am use to low

On 28/05/17 23:56, Leon Fauster wrote: >> Am 28.05.2017 um 12:16 schrieb Robert Moskowitz <rgm at htt-consult.com>: >> >> >> >> On 05/28/2017 04:24 AM, Tony Mountifield wrote: >>> In article <792718e8-f403-1dea-367d-977b157af82c at htt-consult.com>, >>> Robert Moskowitz <rgm at htt-consult.com> wrote: >>>> On 05/26/2017

On 29/05/17 15:46, Robert Moskowitz wrote: > > > On 05/28/2017 06:57 PM, Rob Kampen wrote: >> On 28/05/17 23:56, Leon Fauster wrote: >>>> Am 28.05.2017 um 12:16 schrieb Robert Moskowitz <rgm at htt-consult.com>: >>>> >>>> >>>> >>>> On 05/28/2017 04:24 AM, Tony Mountifield wrote: >>>>> In article

Hello list we encounter a weird SSL issue with one of our dovecot (2.2.24 on Centos6) which we can only explain if our assumtion is correct Symptoms are that imaps connections (on port 993) suddenly get veeeery slow. Up to 180s for one connection with openssl s_client The thing we do not understand is that in the same time imap connections with starttls are just 1s. We can see that entropy on the

Hello. I'm a distro maintainer and was wondering about the efficacy of entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the authors of haveged [0] pointed out if the hardware cycles counter is emulated and deterministic, and thus predictible. He therefore does not recommend using HAVEGE on those systems. Is this the case with KVM's counters? PS. I will be setting VM CPU

Quoting Gedalya <gedalya at gedalya.net>: > On 05/27/2015 09:55 AM, Rick Romero wrote: >> Quoting Gedalya <gedalya at gedalya.net>: >> >>> On 05/26/2015 10:37 AM, Ron Leach wrote: >>>> https://weakdh.org/sysadmin.html >>>> >>>> includes altering DH parameters length to 2048, and re-specifying the >>>> allowable

Aki Tuomi wrote on Sun, 19 Aug 2018 20:56:28 +0300 (EEST): > openssl gendh 4096 > params.pem Ok. I then misunderstood what's written at https://wiki.dovecot.org/SSL/DovecotConfiguration I thought I need to create dh.pem in two steps: 1. openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat 2. dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform

All of a sudden yum hangs on a Centos 4.5 (updated to the latest patch before 4.6) when I try to use it. "clean metadata" didn't help. The output of -d5 shows it gets to the point of "Reading Local RPMDB" and then sits there. The process doesn't die, but doesn't seem to do anything from that point on. strace shows this: futex(0xb76dcae8, FUTEX_WAIT, 2, NULL I

On Fri, 22 Jun 2018, Aki Tuomi wrote: >> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert >> ssl-parameters.dat but how to make a new one? > > ... or you can make a fresh one using openssl > gendh 4096 > dh.pem This also works openssl dhparam -out dh.pem 4096 > Note that this will require quite a lot of entropy, so you should > probably

> Am 29.05.2017 um 05:46 schrieb Robert Moskowitz <rgm at htt-consult.com>: > > > > On 05/28/2017 06:57 PM, Rob Kampen wrote: >> On 28/05/17 23:56, Leon Fauster wrote: >>>> Am 28.05.2017 um 12:16 schrieb Robert Moskowitz <rgm at htt-consult.com>: >>>> >>>> >>>> >>>> On 05/28/2017 04:24 AM, Tony

I thought I post this link http://monty-says.blogspot.com/2009/12/help-saving-mysql.html in case anyone isn't aware of this yet and wants to email the EC. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com