Hello
I just installed a new server with postfix and dovecot
but I have this error when I try to login with STARTTLS
imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS
i have this config file :
/etc/dovecot/conf.d/10-ssl.conf
with
ssl_cert = </data/system/etc/httpd/ssl/httpd.srv.crt
ssl_key = </data/system/etc/httpd/ssl/httpd.srv.key
and in /etc/postfix/main.cf
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
the certificates are OK because I used them on another server with a configuration like this one
I checked the permissions:
chmod 640 /etc/postfix/smtpd.cert
chmod 640 /etc/postfix/smtpd.key
I checked the key:
openssl x509 -noout -text -in /etc/postfix/smtpd.cert
openssl rsa -noout -text -in /etc/postfix/smtpd.key
and
openssl x509 -noout -text -in /data/system/etc/httpd/ssl/httpd.srv.key
openssl rsa -noout -text -in /data/system/etc/httpd/ssl/httpd.srv.key
I checked the access with these commands:
openssl s_client -connect mail.example.net:imaps
==> but I have this error
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1516285394
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
I think the problem is the latest version of postfix / dovecot / pigeonhole,
because I did a downgrade and now it's OK.
I downgraded to these versions: pigeonhole 0.4.20-1 - postfix 3.2.2-1 - dovecot 2.2.32-1 (works)
the latest versions are: dovecot 2.3.0-2 - postfix 3.2.4-3 (doesn't work)
thanks
Last edited by freaks (2018-01-18 21:50:00)
https://bbs.archlinux.org/viewtopic.php?id=57855
Please edit your post for completeness, as it is we can't help you with much.
The solution is:
https://dovecot.org/pipermail/dovecot/2 … 10280.html
With v2.3 you are required to provide ssl_dh=</path/to/dh.pem yourself.
You can generate suitable parameters with openssl gendh 2048 (or 4096).
Make sure you run it on something that has plenty of entropy available,
it will take some time.
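Putting the fix from the mailing list into a checkable form, as an added example that is not code from this thread, the Arch BBS or the Dovecot project: the script below generates the DH parameter file that Dovecot 2.3 requires, verifies that the file actually carries the `DH PARAMETERS` PEM label the failing `PEM_read_bio` call is looking for (the error in the first post is exactly what you get when `ssl_dh` points at a certificate, a key, or nothing parseable), runs `openssl dhparam -check` on it, and prints the `ssl_dh` line for `10-ssl.conf`. `openssl dhparam` is the current name of the `gendh` command quoted above. The default path `/etc/dovecot/dh.pem` and the script name are assumptions.

```shell
#!/bin/sh
# Added example for this thread, not code from the Arch BBS or Dovecot.
# Generates the DH parameter file Dovecot 2.3 requires, checks that it is
# the kind of PEM block the failing PEM_read_bio call expects, and prints
# the ssl_dh line for 10-ssl.conf. The default path is an assumption.
set -eu

# The imap-login error "no start line: Expecting: DH PARAMETERS" means the
# file handed to ssl_dh did not contain a PEM block with that exact label
# (a certificate or private key in its place fails the same way).
has_dh_header() {
    grep -q '^-----BEGIN DH PARAMETERS-----$' "$1" &&
        grep -q '^-----END DH PARAMETERS-----$' "$1"
}

# Deeper check: let OpenSSL parse the parameters and sanity-check p and g.
dh_params_valid() {
    openssl dhparam -check -noout -in "$1" >/dev/null 2>&1
}

# Generate safe-prime DH parameters. `openssl dhparam` is the current name
# of the `gendh` command quoted in the thread. 2048 or 4096 bits takes a
# while and wants real entropy, so generate once and keep the file.
gen_dh() {
    openssl dhparam -out "$1" "$2" 2>/dev/null
    chmod 644 "$1"   # parameters are public; Dovecot only needs to read them
}

# The line to add to /etc/dovecot/conf.d/10-ssl.conf (the leading '<' makes
# Dovecot read the file's contents, same as ssl_cert and ssl_key above).
ssl_dh_line() {
    printf 'ssl_dh = <%s\n' "$1"
}

main() {
    dh_file=${1:-/etc/dovecot/dh.pem}   # assumed location
    dh_bits=${2:-2048}
    [ -f "$dh_file" ] || gen_dh "$dh_file" "$dh_bits"
    if ! has_dh_header "$dh_file"; then
        echo "$dh_file: no 'DH PARAMETERS' PEM block; imap-login would fail as in the thread" >&2
        return 1
    fi
    if ! dh_params_valid "$dh_file"; then
        echo "$dh_file: openssl dhparam -check rejected the parameters" >&2
        return 1
    fi
    ssl_dh_line "$dh_file"
}

# Usage: sh dovecot-dh.sh [/path/to/dh.pem] [bits]
# With no arguments only the functions are defined (handy for sourcing).
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it once as root, add the printed `ssl_dh = <...` line to `/etc/dovecot/conf.d/10-ssl.conf`, restart Dovecot and repeat the `openssl s_client -connect mail.example.net:imaps` check from the first post. The `write:errno=104` with "SSL handshake has read 0 bytes" shown there is consistent with a listener that dropped the connection because its SSL context never initialized; after the fix the handshake should complete and print the server certificate.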