2.3.2.1 - EC keys suppport?
ѽ҉ᶬḳ℠
vtol at gmx.net
Sun Jul 29 23:39:55 EEST 2018
>> facing [ no shared cipher ] error with EC private keys.
> the client connecting to your instance has to support ecdsa
>
>
It does - Thunderbird 60.0b10 (64-bit)
[ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
It seems there is a difference between the private key (rsa vs. ecc ->
SSL_CTX?) used for the certificate signing request and the signed
certificate.
The csr created from a private key with [ openssl genpkey -algorithm RSA
] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
But as stated in the initial message it does not work if the private key
for the csr is generated with [ openssl ecparam -name brainpoolP512t1
-genkey ].
More information about the dovecot
mailing list