dovecot 2.3.x, ECC and wildcard certificates, any issues

Aki Tuomi aki.tuomi at dovecot.fi
Mon Jul 30 20:11:41 EEST 2018


You should, in practice, enable both. This gives best client compatibility. It is possible you have clients that cannot understand ECC certificates? You can use ssl_alt_cert to provide RSA cert too.

Aki

> On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote:
> 
> 
> Hi,
> 
> Thanks, good news is that worked. Bad news is it all looks good which
> means I do not know why my remote clients can't get their email,
> looked like from the logs it was that.
> 
> Would 143 be better or 993 for the external clients?
> 
> Thanks.
> Dave.
> 
> 
> On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> >
> >> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com> wrote: 
> >>
> >>
> >> Hello,
> >>
> >> Does dovecot 2.3.x have any issues recognizing or using certificates
> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
> >> implementation from acme-client which does not support either of those
> >> capabilities to acme.sh which does. Since then external clients
> >> checking their email has not worked. A manual telnet to
> >> mail.example.com 993 gives a connected message but then nothing no
> >> greeting or capabilities.
> >>
> >> The certificate is for example.com with an alt name of *.example.com
> >> if that's not right let me know, I'm not sure about that one,
> >> connecting to the web sites of these pages seems noticeably slower,
> >> I'm wondering if both of these issues aren't key related?
> >>
> >> Thanks.
> >> Dave.
> >
> > These both should be fine.
> >
> > Port 993 is TLS encrypted, you should use openssl s_client -connect
> > server:993
> >
> > Aki
> >
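
The dual-certificate setup suggested in the reply above, as an added configuration sketch that is not part of the original thread. The file paths and the host name in the check commands are placeholders; `ssl_alt_key` is the companion setting that holds the key for `ssl_alt_cert`.

```conf
# Added example, not from the thread. All paths below are placeholders.
# Typical location: /etc/dovecot/conf.d/10-ssl.conf

ssl = required

# Primary certificate: the ECDSA (ECC) wildcard chain and its private key.
# The leading "<" tells Dovecot to read the value from the file; without it
# the path string itself is taken as the certificate text and TLS fails.
ssl_cert = </etc/ssl/dovecot/example.com.ecc.fullchain.pem
ssl_key = </etc/ssl/dovecot/example.com.ecc.key

# Alternative certificate: an RSA chain for the same names, served to
# clients that do not offer ECDSA in their TLS handshake.
ssl_alt_cert = </etc/ssl/dovecot/example.com.rsa.fullchain.pem
ssl_alt_key = </etc/ssl/dovecot/example.com.rsa.key

# Both key files should be readable by root only (mode 0600).
#
# Checks after reloading Dovecot:
#   doveconf -n | grep '^ssl'
#
#   # ECDSA-only client: expect the ECC certificate
#   openssl s_client -connect mail.example.com:993 -tls1_2 \
#       -cipher ECDHE-ECDSA-AES128-GCM-SHA256
#
#   # RSA-only client: expect the RSA certificate
#   openssl s_client -connect mail.example.com:993 -tls1_2 \
#       -cipher ECDHE-RSA-AES128-GCM-SHA256
```

If either `s_client` run ends in a handshake failure instead of printing a certificate and the IMAP greeting, the corresponding certificate or key file is not being loaded.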

