Hi! This change has now been committed, please find it at https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch
Aki

On 16.07.2018 09:53, Aki Tuomi wrote:
> This is a known issue, but thanks for reporting it.
>
> ---
> Aki Tuomi
> Dovecot oy
>
> -------- Original message --------
> From: Eric Toombs <ewtoo...@uwaterloo.ca>
> Date: 16/07/2018 08:41 (GMT+02:00)
> To: dovecot@dovecot.org
> Subject: ssl_dh required, even though DH is disabled.
>
> Here's my config:
>
> # 2.3.2 (582970113): /etc/dovecot/dovecot.conf
> # OS: Linux 4.17.5-1-ARCH x86_64 Arch Linux
> # Hostname: vault
> passdb {
>   driver = pam
> }
> protocols = imap
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
> }
> ssl = required
> ssl_cert = </etc/letsencrypt/live/myhostname.com/fullchain.pem
> ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
>
> My filesystem is ext4.
>
> Even though I use ssl_cipher_list to forbid DH, dovecot still doesn't
> work unless I provide an ssl_dh, delivering the following error:
>
> Jul 14 21:48:08 vault dovecot[8349]: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>, rip=10.0.0.1, lip=10.0.0.2, session=<4sGi5/9w3pwKAAAB>
>
> While providing an ssl_dh is only a minor annoyance, it would be nice if
> I didn't have to.
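Added example, not part of the thread and not Dovecot code: a way to confirm the premise of the report, that a given `ssl_cipher_list` leaves no finite-field DHE suites enabled, by letting the local OpenSSL expand the cipher string. The helper names and the sample configuration are constructed for illustration, and the check covers the TLS 1.2 and earlier suites that the cipher string controls.

```python
import ssl

# Constructed sample in the style of the `doveconf -n` output quoted above
# (cipher list shortened; there is no ssl_dh line, as in the report).
SAMPLE_CONF = """\
protocols = imap
service imap-login {
  inet_listener imap {
    port = 0
  }
}
ssl = required
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
ssl_min_protocol = TLSv1.2
"""


def top_level_settings(conf_text):
    """Collect unindented `key = value` lines; nested blocks are skipped."""
    settings = {}
    for line in conf_text.splitlines():
        if line[:1].isspace() or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def finite_field_dhe_suites(cipher_string):
    """Expand an OpenSSL cipher string and return the suites that use DHE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # OpenSSL labels finite-field ephemeral DH as "kx-dhe"; ECDHE suites are
    # "kx-ecdhe" and TLS 1.3 suites report "kx-any".
    return sorted(c["name"] for c in ctx.get_ciphers() if c.get("kea") == "kx-dhe")


def audit(conf_text):
    """Report which DHE suites the config enables and whether ssl_dh is set."""
    settings = top_level_settings(conf_text)
    return {
        "dhe_suites": finite_field_dhe_suites(settings["ssl_cipher_list"]),
        "ssl_dh_set": "ssl_dh" in settings,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

An empty `dhe_suites` list together with `ssl_dh_set: False` is the situation described in the report: no suite in the list can use DH parameters.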