On Sun, Apr 19, 2026 at 09:15:37PM +0100, Sad Clouds wrote:
> On Mon, 20 Apr 2026 03:44:45 +1000
> Viktor Dukhovni via Postfix-users <[email protected]> wrote:
>
> > It is not possible. OpenSSL supports at most one EC cert + private key
> > at a time in a given context (default or SNI-based).
>
> OK thanks for the info, I've been wondering about this for the past
> few weeks. I recently started testing with dual certificates: ECDSA with
> P-256 and RSA with 2048. I will stick with these for now as it seems to
> align with your recommendations.
Those a sensible choices. FWIW, my own server has essentially just an
RSA certificate, there's no tangible benefit to also provisioning an
ECDSA certificate at present.
I say, essentially, because as an OpenSSL developer ($dayjob lately),
I feel honour bound to use what I work on, and so my server also has
a self-signed ML-DSA certificate (no WebPKI CAs issue these for now).
That ML-DSA cert's public key has a matching TLSA record, so
DANE-enabled clients that are sufficiently bleeding edge to support
ML-DSA get use that, often in the form of an RFC7250 raw public key.
The ML-DSA key is currently ML-DSA-65, but a new server I'm building
will switch to ML-DSA-44, which has a healthy "security margin", making
stronger keys overkill in the majority of applications.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
