Intentionally use weak server key

nanashi nanashi at otenet.gr
Thu Dec 20 13:11:07 EET 2018


The problem is in the creation of the key...
Look at this topic:
https://stackoverflow.com/a/15092703/8647326

On 12/20/2018 01:02 PM, Aki Tuomi wrote:
>
>> On 20 December 2018 at 12:50 Stavros Tsolakos <stsolakos at gmail.com> wrote:
>>
>>
>> On 20/12/2018 12:37, Marc Roos wrote:
>>>
>>> You have to create your own CA, and then create the certificate. I doubt
>>> if you will be able to find companies like DigiCert or Comodo to do this.
>>>
>>> If you want, I can try sign it with our own 'internal' CA. The only
>>> thing you have to do is of course adding our CA to your ca bundle but
>>> that is very easy in CentOS7
>>>
>> Thank you, Marc.
>>
>> We created our own CA and certificates just fine. The problem is that
>> SSL does not seem to like them, giving the error I mentioned in the
>> previous message:
>>
>> dovecot: imap-login: Error: SSL: Stacked error: error:04075070:rsa
>> routines:RSA_sign:digest too big for rsa key
>>
>> What would an SSL+Dovecot expert do if this error was encountered? A
>> 1024 bit key works just fine but we have to stick to 256.
> You need to use a weak TLS algorithm. 256 bit rsa key can contain less 
> than 32 bytes of data so you need to use sha1 based tls algorithm.
>
> ---
> Aki Tuomi
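
The size check behind the `digest too big for rsa key` error quoted in this thread, as an added example that is not part of the original messages and is not Dovecot or OpenSSL code. It builds the EMSA-PKCS1-v1_5 block from RFC 8017 and lists which digests fit a given modulus; the function names are hypothetical, and it assumes PKCS#1 v1.5 signatures with a DigestInfo wrapper.

```python
import hashlib

# DER DigestInfo prefixes from RFC 8017, section 9.2 (notes).
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}
# 0x00 0x01, at least eight 0xff padding bytes, then a 0x00 separator.
MIN_PADDING = 11


def emsa_pkcs1_v15_encode(hash_name, message, modulus_bits):
    """Return the block a PKCS#1 v1.5 signer would exponentiate.

    Raises ValueError when DigestInfo plus minimum padding does not fit
    in the modulus, which is the condition the quoted error reports.
    """
    em_len = (modulus_bits + 7) // 8
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + MIN_PADDING:
        raise ValueError(
            f"digest too big for rsa key: {hash_name} needs "
            f"{len(t) + MIN_PADDING} bytes, modulus holds {em_len}"
        )
    padding = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + padding + b"\x00" + t


def min_modulus_bits(hash_name):
    """Smallest modulus, in bits, that can carry a signature over hash_name."""
    t_len = len(DIGEST_INFO_PREFIX[hash_name]) + hashlib.new(hash_name).digest_size
    return 8 * (t_len + MIN_PADDING)


def usable_digests(modulus_bits):
    """Digests from the table above that fit in a modulus of this size."""
    return sorted(h for h in DIGEST_INFO_PREFIX if min_modulus_bits(h) <= modulus_bits)


if __name__ == "__main__":
    # Key sizes from the thread (256, 1024) plus 512 for comparison.
    for bits in (256, 512, 1024):
        print(bits, usable_digests(bits))
    try:
        emsa_pkcs1_v15_encode("sha256", b"constructed sample", 256)
    except ValueError as exc:
        print(exc)
```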
