2.3.1 does not generate them at all and accepts a static file.
---Aki TuomiDovecot oy
-------- Original message --------From: Erik de Waard <erikdewa...@gmail.com>
Date: 09/05/2018 17:48 (GMT+02:00) To: dovecot@dovecot.org Subject: possible
to disable dh_key/ssl-parameters.dat generation when only using ECDHE ciphers.
Hi,
I want to disable dh_key/ssl-parameters.dat entirely since i'm only using ECDHE
ciphers.
# 2.2.34 (874deae): /etc/dovecot/dovecot.conf# Pigeonhole version 0.4.22
(22940fb7)# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 # Hostname:
somehost.comauth_cache_negative_ttl = 0auth_cache_size = 10 Mauth_cache_ttl = 1
daysauth_username_chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"default_client_limit
= 1500default_vsz_limit = 600 Mdisable_plaintext_auth = noinfo_log_path =
/var/log/mail.log.infolisten = *log_timestamp = "%Y-%m-%d %H:%M:%S "mail_debug
= yesmail_max_userip_connections = 100mail_privileged_group = mailmmap_disable
= yesnamespace inbox { inbox = yes location = mailbox Drafts {
special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox
Sent { special_use = \Sent } mailbox "Sent Messages" { special_use =
\Sent } mailbox Trash { special_use = \Trash } prefix = INBOX.
separator = . type = private}passdb { args = /etc/dovecot/dovecot-sql.conf
driver = sql}plugin { sieve_execute_bin_dir = /etc/dovecot/sieve-executables
sieve_global_extensions = +vnd.dovecot.execute sieve_plugins =
sieve_extprograms}protocols = imap lmtpservice anvil { unix_listener
anvil-auth-penalty { mode = 0600 }}service auth { user = root}service
imap-login { client_limit = 6000 process_limit = 4 process_min_avail = 4
service_count = 0 vsz_limit = 600 M}service imap { client_limit = 1
process_limit = 1024 service_count = 50}service lmtp { inet_listener lmtp {
port = 24 }}ssl_cert = </etc/dovecot/dovecot.crtssl_cipher_list =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256ssl_key
= # hidden, use -P to show itssl_prefer_server_ciphers = yesuserdb { driver
= prefetch}userdb { args = /etc/dovecot/dovecot-sql.conf driver =
sql}verbose_proctitle = yesprotocol lmtp { mail_plugins = " sieve" plugin {
sieve = ~/filters.sieve sieve_after = /etc/dovecot/sieve/after.sieve
sieve_before = /etc/dovecot/sieve/before.sieve } userdb { args =
/etc/dovecot/dovecot-sql-lmtp.conf driver = sql name = }}
