Author Topic: IMAPs problems after upgrading to Zentyal 7  (Read 428 times)

sotero

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +1/-0
    • View Profile
IMAPs problems after upgrading to Zentyal 7
« on: March 16, 2021, 03:00:01 pm »
Hi all,

Since I've upgraded to Zentyal 7, all clients that try to connect using IMAPs provide the same error on the mail.log

dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=someIP, lip=someIP


I've tried to add ssl_dh = </usr/share/dovecot/dh.pem to my 10-ssl.conf file, but that didn't help.

Anone else having this issue?

Marcio

sotero

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +1/-0
    • View Profile
Re: IMAPs problems after upgrading to Zentyal 7
« Reply #1 on: March 16, 2021, 04:33:24 pm »
SOLVED:

Add the line:

ssl_dh = </etc/dovecot/dh.pem

to the file /etc/dovecot/dovecot.conf ->> don't forget that on zentyal, you have to add it on the stub /etc/zentyal/stubs/mail/dovecot.conf.mas

then run:
openssl dhparam -out /etc/dovecot/dh.pem 4096

will take a while (15 min minimum)

Restart dovecot, and everything will work.