info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
authentication problem after upgrade
14 views
Skip to first unread message
Curtis Vaughan
Oct 28, 2020, 2:53:40 PM10/28/20
to
Sorry if this is wrong group to write to, but not sure where else to go.
I upgraded our ubuntu postfix/dovecot mailserver from ubuntu 18.04 to 20.04 (keeping it on LTS).
Anyhow after upgrading I was getting authentication issues from dovecot. Specifically:
imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
and
Warning: please set ssl_dh=</etc/dovecot/dh.pem
I tried various methods involving recreating the dh.pem (e.g., openssl dhparam 4096 > dh.pem) and putting the new file in /etc/dovecot/, but also in /usr/share/dovecot/, since the latter is what is pointed to by /etc/dovecot/conf.d/10-ssl.conf. (btw I changed it to /etc/dovecot/ )
Nonetheless, nothing resolved the issue.
Finally on one website I found a suggestion to remove ssl-parameters.dat from /var/lib/dovecot/
What I did was just rename it to ssl-parameters.dat.old
Now everything is working.
But should I be concerned is my question.
Thanks for any input!
I upgraded our ubuntu postfix/dovecot mailserver from ubuntu 18.04 to 20.04 (keeping it on LTS).
Anyhow after upgrading I was getting authentication issues from dovecot. Specifically:
imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
and
Warning: please set ssl_dh=</etc/dovecot/dh.pem
I tried various methods involving recreating the dh.pem (e.g., openssl dhparam 4096 > dh.pem) and putting the new file in /etc/dovecot/, but also in /usr/share/dovecot/, since the latter is what is pointed to by /etc/dovecot/conf.d/10-ssl.conf. (btw I changed it to /etc/dovecot/ )
Nonetheless, nothing resolved the issue.
Finally on one website I found a suggestion to remove ssl-parameters.dat from /var/lib/dovecot/
What I did was just rename it to ssl-parameters.dat.old
Now everything is working.
But should I be concerned is my question.
Thanks for any input!
0 new messages