stunnel: Could not load DH parameters
After an upgrade from Debian sarge (3.1) to etch or newer you may
encounter the following messages in your daemon.log log
file when you try to access a service secured by stunnel:
    Could not load DH parameters from /etc/ssl/certs/suucp.pem
    Diffie-Hellman initialization failed
    Error reading certificate file: /etc/ssl/certs/suucp.pem
    SSL_CTX_use_certificate_chain_file: error:0906D06C:PEM routines:PEM_read_bio:no start line
When running as a server, the new version of stunnel requires not only the certificate and the private key in the PEM file but also initialisation parameters for the Diffie-Hellman algorithm.
The following command will create the missing DH parameters that need to be appended to the existing PEM file:
    dd if=/dev/urandom count=2 | openssl dhparam -rand - 512
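A quick check for the condition described above, as an added example that is not from the original page or from the stunnel package: the shell function below (hypothetical name pem_missing_blocks) lists which of the three blocks a server PEM file lacks. The sample file written by make_sample_pem is constructed placeholder data, not real key material.

```shell
# Added example: report which PEM blocks a stunnel server file is missing.

# pem_missing_blocks FILE
# Prints one line per required block type that has no complete BEGIN/END
# pair in FILE. Returns 0 when certificate, key and DH parameters are present.
pem_missing_blocks() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9. ]+-----$/ {
            cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----$/, "", cur)
            next
        }
        /^-----END [A-Z0-9. ]+-----$/ {
            label = $0; sub(/^-----END /, "", label); sub(/-----$/, "", label)
            if (label == cur) {                 # only count closed blocks
                if (label == "CERTIFICATE")        cert = 1
                else if (label ~ /PRIVATE KEY$/)   key = 1
                else if (label ~ /DH PARAMETERS$/) dh = 1
            }
            cur = ""
        }
        END {
            if (!cert) print "certificate"
            if (!key)  print "private key"
            if (!dh)   print "DH parameters"
            exit (cert && key && dh) ? 0 : 1
        }
    ' "$1"
}

# Writes a constructed sarge-style PEM (key + certificate, no DH block) to $1.
make_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

sample=$(mktemp)
make_sample_pem "$sample"
echo "Missing from constructed sample:"
pem_missing_blocks "$sample" || true
rm -f "$sample"
```

Run it against the file named in the log, for example `pem_missing_blocks /etc/ssl/certs/suucp.pem`, before and after appending the dhparam output. The 512 passed to openssl dhparam is the prime length in bits; a group that small is within reach of precomputation attacks such as Logjam, so current practice is 2048 bits or more.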
The generation of new PEM files is described in the Debian package
in the file README.Debian in the documentation directory.
