Zitat von Victor Duchovni victor.ducho...@morganstanley.com:
The Postfix 2.8 SMTP server will not be alone in enabling server-side
Elliptic Curve Diffie-Hellman key-agreement.
Hosted domains served by smtproutes.com (e.g. saybrook.edu)
have ECDHE ciphers enabled:
Trusted TLS connection
* lst_ho...@kwsoft.de lst_ho...@kwsoft.de:
May i ask what the big advantages of the new ciphers are? From what i
have heard they are somewhat faster and deemed to be more secure, but
is this urgently needed for TLS?
I can recommend this PDF:
* Ralf Hildebrandt ralf.hildebra...@charite.de:
I can recommend this PDF:
http://blogs.sun.com/jyrivirkki/resource/ECC-TLS-BOF-6958.pdf
und dies hier in Deutsch:
http://www.weblearn.hs-bremen.de/risse/papers/IIAkolloq080115/elliptic.pdf
Short: The 2007 PDF says that the best known attacks
* Ralf Hildebrandt ralf.hildebra...@charite.de:
Incidentially, I recompiled Postfix against opensssl-1.0 yesterday :)
I still have to find out if the DFN-PKI-CA (which we're using) is
issuing certs on ECC keys
I could just try that :)
Like... now :)
Doesn't work. It triggers an error in
The Postfix 2.8 SMTP server will not be alone in enabling server-side
Elliptic Curve Diffie-Hellman key-agreement.
Hosted domains served by smtproutes.com (e.g. saybrook.edu)
have ECDHE ciphers enabled:
Trusted TLS connection established to