Dovecot not working after upgrade to Ubuntu 20.04.1 (dh key too small)

I upgraded to Ubuntu 20.04.1 and chose to keep my existing config files, and my mail server stopped working. In the log I saw:

Nov 25 09:07:57 machine dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=someip, lip=someip, session=<someid>

I was able to fix this by modifying /etc/dovecot/conf.d/10-ssl.conf and adding this line:

ssl_dh = </usr/share/dovecot/dh.pem

Please let me know if I’ve introduced an horrific security bug, won’t you?

7 thoughts on “Dovecot not working after upgrade to Ubuntu 20.04.1 (dh key too small)”

  1. Some files were in different places on my (Debian / ISPConfig) setup but your solution helped me find my way through config files. BIG THANKS!

  2. Thank you so much! I did an upgrade 3 days ago and just noticed today. Added the line, restarted dovecot and voila!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.