dovecot 2.3.x, ECC and wildcard certificates, any issues

David Mehler dave.mehler at gmail.com
Mon Jul 30 20:32:22 EEST 2018


Hello,

The client in question is the latest version of AquaMail running on android.

Thanks.
Dave.


On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> You should, in practice, enable both. This gives best client compatibility. It
> is possible you have clients that cannot understand ECC certificates? You
> can use ssl_alt_cert to provide RSA cert too.
>
> Aki
>
>> On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote:
>>
>>
>> Hi,
>>
>> Thanks, good news is that worked. Bad news is it all looks good which
>> means I do not know why my remote clients can't get their email,
>> looked like from the logs it was that.
>>
>> Would 143 be better or 993 for the external clients?
>>
>> Thanks.
>> Dave.
>>
>>
>> On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>> >
>> >> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com> wrote:
>> >>
>> >>
>> >> Hello,
>> >>
>> >> Does dovecot 2.3.x have any issues recognizing or using certificates
>> >> that are ECC and wildcard? I'm trying to switch my letsencrypt
>> >> implementation from acme-client which does not support either of those
>> >> capabilities to acme.sh which does. Since then external clients
>> >> checking their email has not worked. A manual telnet to
>> >> mail.example.com 993 gives a connected message but then nothing no
>> >> greeting or capabilities.
>> >>
>> >> The certificate is for example.com with an alt name of *.example.com
>> >> if that's not right let me know, I'm not sure about that one,
>> >> connecting to the web sites of these pages seems noticeably slower,
>> >> I'm wondering if both of these issues aren't key related?
>> >>
>> >> Thanks.
>> >> Dave.
>> >
>> > These both should be fine.
>> >
>> > Port 993 is TLS encrypted, you should use openssl s_client -connect
>> > server:993
>> >
>> > Aki
>> >
>
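
Added example, not part of the original thread or of Dovecot: a sketch of how a TLS client decides whether the certificate names described above (example.com plus the alt name *.example.com) cover the host it connects to. The function names are hypothetical, and the rule implemented is the common strict reading of RFC 6125, where a wildcard is accepted only as the whole leftmost label.

```python
# Added example: matching a hostname against certificate SAN dNSName entries.
# san_matches / covering_sans are hypothetical helper names, not a library API.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """Return True if one SAN dNSName entry covers hostname."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pattern[0] == "*":
        # Refuse wildcards sitting directly on a single label such as "*.com".
        # (Simplification: real clients consult a public-suffix list.)
        if len(pattern) < 3:
            return False
        return host[0] != "" and host[1:] == pattern[1:]
    if "*" in san:
        # Partial ("m*.example.com") or non-leftmost wildcards are rejected.
        return False
    return host == pattern

def covering_sans(hostname, sans):
    """List the SAN entries that cover hostname (empty list: name mismatch)."""
    return [s for s in sans if san_matches(hostname, s)]

# SAN list as described in the thread: base name plus wildcard alt name.
CERT_SANS = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for host in ("mail.example.com", "example.com", "imap.mail.example.com"):
        print(host, "->", covering_sans(host, CERT_SANS) or "no match")
```

The wildcard entry covers mail.example.com but not the bare example.com, which is why the certificate carries both names; a name two levels down, such as imap.mail.example.com, is covered by neither.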

