Thanks for the new openssl-3.3.2. Unfortunately dovecot stops working when the first client (neomutt) wants to use it:

> dovecot[470153]: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters (ssl_dh setting): error:0A00018A:SSL routines::dh key too small: user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<...>

Rebuilding dovecot did not help. Workaround:

> emerge -a1 =openssl-3.0.15 curl

Hm!
Concerning possible dovecot issues after this openssl upgrade: a failing dh.pem can be recreated as described here: https://doc.dovecot.org/2.3/configuration_manual/dovecot_ssl_configuration/ WFM
I confirm this bug: after updating my AMD64 gentoo system from openssl-3.0.15 to openssl-3.3.2, which did not prompt me to rebuild any other packages, both postfix and dovecot logged error messages. At least postfix seemed to work fine after rebuilding it. But dovecot logged the error 'imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters (ssl_dh setting): error:0A00018A:SSL routines::dh key too small: user=<>, rip=<PROTECTED>, lip=<PROTECTED>, session=<PROTECTED>' each time an IMAP client tried to connect, including the current stable thunderbird-115.15.0 on a gentoo machine and the current thunderbird on a Ubuntu 2024.04 system. After finding no solution, I masked >openssl-3.0.15 and recompiled openssl, postfix, and dovecot.

My personal experience with >openssl-3 was a real nuisance. Back when openssl-3 was marked stable, it cost me a lot of time to find out all the packages that I had to update to unstable versions. Then there are the severe performance regressions. And now the update to openssl-3.3.2 stopped the users of my email server from accessing their mail. IMHO, the decision of the openssl people to introduce API incompatibilities, crypto incompatibilities, and severe performance regressions, all roughly at the same time, clearly shows their lack of judgement. Therefore I kindly suggest that gentoo moves away from openssl, or at least offers a compatible alternative (e.g. BoringSSL, LibreSSL, GnuTLS with a compatibility layer, or any other) via use flags and maybe a virtual/openssl package.
This blog post looks relevant. https://z-issue.com/wp/openssl-3-dovecot-error-failed-to-initialize-ssl-server-context-dh-key-too-small/
I think the easy solution here is to comment out the "ssl_dh" setting in /etc/dovecot/conf.d/10-ssl.conf. The setting is commented out by default on new dovecot installs.
From the release notes of openssl-3.2.0:

> The default SSL/TLS security level has been changed from 1 to 2. RSA, DSA and DH keys of 1024 bits and above and less than 2048 bits and ECC keys of 160 bits and above and less than 224 bits were previously accepted by default but are now no longer allowed.

And it is not necessary, though perhaps somewhat beneficial, to generate custom DH parameters. However, if you generate them, you need to maintain them. Closing this bug as INVALID.