From 08f13326604d3a16a91cf1c04c062236ca8eefab Mon Sep 17 00:00:00 2001 From: downtownallday Date: Wed, 8 Jan 2025 07:07:23 -0500 Subject: [PATCH] remove dovecot config setting 'ssl_dh_parameters_length' Dovecot gives the following warning during installation: doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:91: ssl_dh_parameters_length is no longer needed --- setup/mail-dovecot.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh index 0af6a1de..a59892fd 100755 --- a/setup/mail-dovecot.sh +++ b/setup/mail-dovecot.sh @@ -89,14 +89,14 @@ tools/editconf.py /etc/dovecot/conf.d/10-auth.conf \ # Enable SSL, specify the location of the SSL certificate and private key files. # Use Mozilla's "Intermediate" recommendations at https://ssl-config.mozilla.org/#server=dovecot&server-version=2.2.33&config=intermediate&openssl-version=1.1.1, # except that the current version of Dovecot does not have a TLSv1.3 setting, so we only use TLSv1.2. -tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \ +tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf -E \ ssl=required \ "ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \ "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \ "ssl_min_protocol=TLSv1.2" \ "ssl_cipher_list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \ "ssl_prefer_server_ciphers=no" \ - "ssl_dh_parameters_length=2048" \ + "ssl_dh_parameters_length=" \ "ssl_dh=<$STORAGE_ROOT/ssl/dh2048.pem" # Disable in-the-clear IMAP/POP because there is no reason for a user to transmit