Re: [mailop] EC certs in MTA - MTA TLS

2022-08-23 Thread Carsten Schiefner via mailop
Thanks, Slavko - truly appreciated! On 23.08.2022 16:17, Slavko via mailop wrote: On Tue, 23 Aug 2022 12:33:47 +0200 Carsten Schiefner via mailop wrote: would you mind reporting back then and to share that particular exim config snippet that does the trick? No problem ;-) It is really s

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-23 Thread Slavko via mailop
Hi, On Tue, 23 Aug 2022 12:33:47 +0200 Carsten Schiefner via mailop wrote: > would you mind reporting back then and to share that particular exim > config snippet that does the trick? No problem ;-) It is really simple. The exim specs (4.94.2) say: For dual-stack (eg. RSA and ECDSA)

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-23 Thread Carsten Schiefner via mailop
Hi Slavko, On 23.08.2022 09:41, Slavko via mailop wrote: On Mon, 22 Aug 2022 19:05:27 -0500 Chris Adams via mailop wrote: Postfix's TLS_README also says it supports multiple server cert types, determining which to use based on the negotiated ciphersuite. Exim declares that it supports th

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-23 Thread Slavko via mailop
Hi, On Mon, 22 Aug 2022 19:05:27 -0500 Chris Adams via mailop wrote: > Postfix's TLS_README also says it supports multiple server cert types, > determining which to use based on the negotiated ciphersuite. Exim declares that it supports this too, I will set it up this way and I will see af

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-22 Thread Chris Adams via mailop
Once upon a time, Ángel said: > On 2022-08-21 at 15:18 -0500, Chris Adams wrote: > > Also, I believe you can offer both RSA and EC certs, so shouldn't be > > a negative to getting an EC cert (you just need to have RSA too). > > How would you do that? > > You could use different certificates on d

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-22 Thread Ángel via mailop
On 2022-08-21 at 15:18 -0500, Chris Adams wrote: > Also, I believe you can offer both RSA and EC certs, so shouldn't be > a negative to getting an EC cert (you just need to have RSA too). How would you do that? You could use different certificates on different interfaces, based on the hostname th

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-22 Thread Alexander Huynh via mailop
On 2022-08-22 16:07:33 +0200, Slavko via mailop wrote: Please, can you elaborate more from where the cipher suites mismatch was coming? I mean if it was (your) server or the remote side, which provided/requested them. My mail server as the server, and my bank's mail server as the client, for e

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-22 Thread Chris Adams via mailop
Once upon a time, Slavko said: > BTW, Chris, if ssl-enum-ciphers nmap's script was not updated recently > (1-3 years -- I do not remember when exactly I tried it last), do not > rely on it, it doesn't support TLS1.3... The version included with nmap 7.92 does recognize and enumerate TLSv1.3. --

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-22 Thread Slavko via mailop
Hi, On Sun, 21 Aug 2022 14:23:16 + Alexander Huynh via mailop wrote: > On 2022-08-21 12:35:18 +0200, Slavko via mailop wrote: > >if there are some known issues with EC certs. > > Yes, there are. I ran the exact setup you described, and I had to > debug a whole slew of cipher suite mis

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-21 Thread Chris Adams via mailop
Once upon a time, Alexander Huynh said: > On 2022-08-21 19:46:31 +, Slavko via mailop wrote: > >Is that a typo? AFAIK both these cipher suites are usable only > >with RSA certificate, they differ only by ephemeral key exchange > >algo... > > Sorry, you're right that it's a typo. I just re-teste

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-21 Thread Alexander Huynh via mailop
On 2022-08-21 19:46:31 +, Slavko via mailop wrote: Is that a typo? AFAIK both these cipher suites are usable only with RSA certificate, they differ only by ephemeral key exchange algo... Sorry, you're right that it's a typo. I just re-tested and want to clarify that: ECDHE-RSA-AES128-GCM-SHA

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-21 Thread Slavko via mailop
Hi, On 21 August 2022 14:23:16 UTC, user Alexander Huynh via mailop wrote: >The gist of my debug came down to: the nature of your certificate partially >determines what cipher suites you may use, e.g. DHE-RSA-AES256-SHA256 and >ECDHE-RSA-AES256-SHA256 are mutually exclusive, with th

Re: [mailop] EC certs in MTA - MTA TLS

2022-08-21 Thread Alexander Huynh via mailop
On 2022-08-21 12:35:18 +0200, Slavko via mailop wrote: if there are some known issues with EC certs. Yes, there are. I ran the exact setup you described, and I had to debug a whole slew of cipher suite mismatches, bringing out tcpdump and Wireshark. The gist of my debug came down to: the nat

[mailop] EC certs in MTA - MTA TLS

2022-08-21 Thread Slavko via mailop
Hi, I was recently registered to use LE's EC certificates (EC chain) and I have a plan to use it on my MTA too. But before I start, I want to ask first if there are some known issues with EC certs. I see (from DMARC reports) that there are not many servers (no big one) which are able to verify EC D