2.3.2.1 - EC keys support?

Aki Tuomi aki.tuomi at dovecot.fi
Mon Jul 30 19:39:29 EEST 2018


> On 29 July 2018 at 23:39 ѽ҉ᶬḳ℠ <vtol at gmx.net> wrote:
> 
> 
> 
> >> facing [ no shared cipher ] error with EC private keys.
> > the client connecting to your instance has to support ecdsa
> >
> >
> 
> It does - Thunderbird 60.0b10 (64-bit)
> 
> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
> 
> It seems there is a difference between the private key (rsa vs. ecc ->
> SSL_CTX?) used for the certificate signing request and the signed
> certificate.
> 
> The csr created from a private key with [ openssl genpkey -algorithm RSA
> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
> 
> But as stated in the initial message it does not work if the private key
> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
> -genkey ].
> 
>

Can you try, with your ECC cert,

openssl s_client -connect server:143 -starttls imap

and paste result?

Aki

