[Discuss] Debian Buster
Rich Pieri
richard.pieri at gmail.com
Sun Sep 8 11:36:24 EDT 2019
Finally got around to bumping my home server to Buster (Debian 10).
Only one hitch and it's Dovecot again. The new version of Dovecot
requires a large (minimum 2048-bit) DH key. The upgrade process does
not have the decency to generate this key and the instructions provided
are incorrect. They generate a DH key ~half the minimum size Dovecot 2.3
requires. Specifically:
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
should be
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam 2048 -inform der > /etc/dovecot/dh.pem
to generate a dh.pem of requisite size.
Merging the private and public SSL certificates into a single file may
also be necessary.
--
Rich Pieri
More information about the Discuss
mailing list