> Tony, Di 15 Nov 2016 18:01:40 CET: > >> The only clue is in /var/log/mail.info: >> imapd-ssl: couriertls: accept: error:14094417:SSL >> routines:SSL3_READ_BYTES:sslv3 alert illegal parameter >> >> It turns out that this was reported in bug #787579, which I think should >> have been resolved by now. Googling suggests a work-around: DH_BITS=2048 >> mkdhparams, but this seems to have little effect. I'm not sure what >> format >> a PEM file should take, but my dhparams.pem is only 201 bytes, which >> seems >> a bit small. > > Have you checked that the mkdhparams script really did create a new > dhparams.pem? Looking at the man page of mkdhparams indicates that it > does nothing if dhparams.pem exists and is less than 25 days old. >
Thank you, Markus; that was indeed the problem. Well spotted!
