I have a setup with three public email relays (relay[1-3].thorcom.net), each of which runs Exim 4.86 on Ubuntu 14.04 LTS with fairly heavy-weight anti-false email/anti-malware measures (RBL, SPF, DKIM, Sender Verify, Recipient Verify, SRS, SpamAssassin, ClamAV, etc.).

I run Exim on my personal box at home which has used a self-signed RSA-2048 bit key for ages.

Tonight I have replaced the key with a shiny new Comodo PositiveSSL multi-domain key/certificate that uses 384-bit ECC (curve secp384r1).

The new key works fine serving web pages via nginx, but when I point Exim to my new key/cert my box reports error 10071065 "elliptic curve routines:EC_POINT_cmp:incompatible objects" on incoming connections from remote hosts (i.e. my relay servers) that present STARTTLS - see below...

Can anyone shed any light on this and/or suggest a fix?


Mike



2016-03-26 23:47:14 CRYPTO: Client 195.171.43.34:47220 issued STARTTLS
2016-03-26 23:47:14 TLS error on connection from relay2.thorcom.net [195.171.43.34] (SSL_CTX_use_PrivateKey_file file=/etc/ssl/public.tubby.org.key): error:10071065:elliptic curve routines:EC_POINT_cmp:incompatible objects
2016-03-26 23:47:14 1ajxvG-0008PR-Ks <= [email protected] H=relay2.thorcom.net [195.171.43.34] P=esmtp S=4270 [email protected] T="Welcome to the \"Exim-users\" mailing list"
2016-03-26 23:47:14 1ajxvG-0008PR-Ks => mike <[email protected]> R=localuser T=local_delivery
2016-03-26 23:47:14 1ajxvG-0008PR-Ks Completed


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/