Dovecot not working after upgrade to Ubuntu 20.04.1 (dh key too small)

I upgraded to Ubuntu 20.04.1 and chose to keep my existing config files, and my mail server stopped working. In the log I saw:

Nov 25 09:07:57 machine dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=someip, lip=someip, session=<someid>

I was able to fix this by modifying /etc/dovecot/conf.d/10-ssl.conf and adding this line:

ssl_dh = </usr/share/dovecot/dh.pem

Please let me know if I’ve introduced an horrific security bug, won’t you?

13 thoughts on “Dovecot not working after upgrade to Ubuntu 20.04.1 (dh key too small)”

  1. Some files were in different places on my (Debian / ISPConfig) setup but your solution helped me find my way through config files. BIG THANKS!

  2. Thank you so much! I did an upgrade 3 days ago and just noticed today. Added the line, restarted dovecot and voila!

  3. It took me ages to find this solution – but when I did it worked perfectly – where do I send the cup of coffee???

  4. It would be a better solution to uncomment or add this line IMHO:
    ssl_dh_parameters_length = 2048

  5. @Bratislav ILIC
    doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:4: ssl_dh_parameters_length is no longer needed
