Dear all, I always get this message in the email error logs in the ISPConfig panel:
Code:
Jul 8 09:50:47 dovecot: imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem
Jul 11 04:25:33 dovecot: pop3-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem
I have created the key and added it to the Dovecot files as mentioned in the Dovecot wiki (/etc/dovecot/conf.d/10-ssl.conf), but it does not work. Which config file does ISPConfig use, and where do I need to insert the key so that it works? Thanks.
Debian 10, PHP 7.3, nginx
Code:
Jul 11 18:11:25 dovecot: pop3-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem
Jul 11 18:11:25 dovecot: pop3-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem
Jul 11 18:11:25 dovecot: pop3-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem
Jul 12 08:02:11 dovecot: imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem
Jul 12 08:02:11 dovecot: imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem
The error now happens every day. I hope somebody can help to fix this. Thanks.
Try Internet Search Engines with
Code:
dovecot: imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh
If you are using ISPConfig despite posting on Linux Forum, have you set up certificates for Dovecot? https://www.howtoforge.com/tutorial...ote-this-shouldnt-exist-together-with-courier
I have done both, and followed the Dovecot wiki and support forum on how it should be possible to fix it, but I think ISPConfig uses some other config files, because it does not work.
I may have added the fixed code into the one that was already merged with ISPConfig 3.2. I am on mobile; I will try to take a look at it later.
Perfect, thanks in advance for the info about the fix. I have now tried this:
Code:
"ssl_dh = </etc/dovecot/dh.pem" to -> /etc/dovecot/dovecot.conf
Maybe hopefully this will fix it?
I checked the committed code and I can now confirm I did not include it, most probably because there was no requirement to enable that ssl_dh for dovecot at that time. However, I did add the same for pureftpd.
It won't be fixed simply by adding the line. You basically need to create the dh.pem file OR, if you have created one for pureftpd (like the one I suggested in the committed code), you can use the same one and symlink it by running "ln -sf /etc/ssl/private/dhparam4096.pem /etc/dovecot/dh.pem".
The command to create dh.pem is obviously searchable, but the one I suggested for pureftpd is "cd /etc/ssl/private; openssl dhparam -out dhparam4096.pem 4096; ln -sf dhparam4096.pem pure-ftpd-dhparams.pem", which you can modify if yours is used for a mail-only server, which normally doesn't have pureftpd. Note that generating a 4096 pem file may take quite a long time depending on your server capability.
Thanks for your double check. I had changed nothing from the default setup and had not enabled it anywhere. But I think whether this appears or not also depends on the version in use, as well as on which Linux release. It seems to be working with adding it to the dovecot settings. Until now there have been no additional error messages in the email logs. I did it the way you also mentioned; the key took about 4-5 minutes to generate, which was OK.
The ssl_dh parameter for dovecot is optional since v2.3.3+ according to its wiki, thus you can comment it out or maintain it as you wish.
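The fix discussed in this thread (an active ssl_dh line pointing at a generated or symlinked dh.pem) can be checked with a short script. This is an added example, not code from any poster or from ISPConfig; the function names, the exit codes and the demo file layout are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): verify the ssl_dh fix in a Dovecot config file.
# Exit codes are this example's own convention:
#   0 = ok, 1 = no active ssl_dh line, 2 = file missing/unreadable, 3 = not DH PEM

check_ssl_dh() {
    conf=$1
    # Uncommented "ssl_dh = </path" lines only; if several, take the last
    # (assumption: a later line overrides an earlier one).
    dh_path=$(sed -n 's/^[[:space:]]*ssl_dh[[:space:]]*=[[:space:]]*<[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$conf" | tail -n 1)
    if [ -z "$dh_path" ]; then
        echo "$conf: no active 'ssl_dh = </path/to/dh.pem' line" >&2
        return 1
    fi
    # -f and -r follow symlinks, so a dangling "ln -sf" link is caught here.
    if [ ! -f "$dh_path" ] || [ ! -r "$dh_path" ]; then
        echo "$conf: ssl_dh points to $dh_path, which is missing or unreadable" >&2
        return 2
    fi
    # "openssl dhparam -out" writes a PEM file with this header line.
    if ! grep -q '^-----BEGIN DH PARAMETERS-----$' "$dh_path"; then
        echo "$dh_path: not a PEM DH parameters file" >&2
        return 3
    fi
    echo "$conf: ssl_dh OK ($dh_path)"
}

# Offline demo on constructed files (placeholder PEM body, not real parameters).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN DH PARAMETERS-----' 'CONSTRUCTED' \
        '-----END DH PARAMETERS-----' > "$d/dhparam4096.pem"
    ln -sf "$d/dhparam4096.pem" "$d/dh.pem"      # symlink as in the thread
    printf 'ssl = yes\nssl_dh = <%s\n' "$d/dh.pem" > "$d/dovecot.conf"
    check_ssl_dh "$d/dovecot.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# With an argument, check that file (e.g. /etc/dovecot/dovecot.conf); else run the demo.
if [ "$#" -gt 0 ]; then check_ssl_dh "$1"; else demo; fi
```

The script only inspects the one file it is given, so a line placed in a file that Dovecot does not actually load would still pass; run it against each candidate config file to see which one carries the active setting.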