error ssh_dh=</path/to/dh.pem #294

Open
mikysal78 opened this issue Feb 1, 2020 · 3 comments

@mikysal78

  • Distribution: Debian
  • Codename: Buster.
  • Arch: 64 Bits
  • Database: MySQL

Log mail.err

root@mx:log # more mail.err
Jan 27 00:31:53 mx dovecot: imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem

@tonioo
Member

tonioo commented Mar 9, 2020

@mikysal78 Looks like this setting is available starting with dovecot 2.3.

@Kedakai

Kedakai commented Feb 21, 2021

No!

This output is wrong.
The option is called ssl_dh, not ssh_dh as printed.

Someone made a mistake there that still isn't fixed.

@almereyda
Contributor

Yes, we should include DH parameters for Dovecot as well, as done for Postfix and Nginx already:

Postfix:

    # Generate EDH parameters
    if not os.path.exists("{}/dh2048.pem".format(self.config_dir)):
        cmd = "openssl dhparam -dsaparam -out dh2048.pem 2048"

    smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem

Nginx:

    if not os.path.exists("{}/dhparam.pem".format(self.config_dir)):
        cmd = "openssl dhparam -dsaparam -out dhparam.pem 4096"

A reference to the ssl_dh parameter is missing entirely in the Dovecot-associated installer files.

I'd suggest adding parameter generation logic to dovecot.py, and referencing this file through ssl_dh in 10-ssl.conf.tpl.
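The generate-and-reference step suggested above, combined with a check for the misspelled `ssh_dh` key from the log line, as an added example that is not part of the thread and not the project's installer code. The function names, the sample config and the paths are hypothetical, and unlike the quoted snippets the generated command omits `-dsaparam`.

```python
import os
import re
import subprocess

# Constructed sample: a 10-ssl.conf with the key copied from the log message.
SAMPLE_CONF = """\
ssl = required
#ssl_dh = </usr/share/dovecot/dh.pem
ssh_dh = </etc/dovecot/dh.pem
"""

# ssl_dh, or the misspelled ssh_dh, on an uncommented line.
_DH_LINE = re.compile(r"^[ \t]*(ssl_dh|ssh_dh)[ \t]*=[ \t]*(\S*)", re.MULTILINE)


def needs_ssl_dh(version):
    """ssl_dh exists from Dovecot 2.3 on; assumes a dotted string like '2.3.4.1'."""
    major, minor = (int(p) for p in version.split(".")[:2])
    return (major, minor) >= (2, 3)


def check_ssl_dh(conf_text):
    """Return (status, path) for the first DH setting found in the config text."""
    for key, value in _DH_LINE.findall(conf_text):
        if key == "ssh_dh":
            return ("misspelled", None)       # key taken from the error text
        if not value.startswith("<"):
            return ("not-a-file-ref", value)  # '<' makes Dovecot read the file
        return ("ok", value[1:])
    return ("missing", None)


def dhparam_command(path, bits=2048):
    """argv for parameter generation; without -dsaparam a safe prime is used."""
    return ["openssl", "dhparam", "-out", path, str(bits)]


def ensure_dh_params(conf_text, version, default_path):
    """Create the file if absent; return the ssl_dh line to write, or None."""
    if not needs_ssl_dh(version):
        return None
    status, path = check_ssl_dh(conf_text)
    path = path or default_path
    if not os.path.exists(path):
        subprocess.run(dhparam_command(path), check=True)
    return None if status == "ok" else "ssl_dh = <{}".format(path)
```

`ensure_dh_params` only invokes `openssl` when the target file does not exist, so re-running an installer does not regenerate the parameters.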
