Thread Info
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 2159 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MTAs supporting TLS with ECC

Andreas Bux

Hi there,

 

I was wondering if anybody could estimate if the use of an elliptic curve certificate for mail TLS is supported by the most MTAs?

We gave that a try about 2 years ago but rolled back to an RSA cert because much MTAs dropped the connection.

 

I also did not find any statistics about the usage of that.

 

Kind regards,

Andi



This thread was automatically locked due to age.

Top Replies

  • +2

    ## Latest Update ##

    The development team has planned to resolve this issue in the firmware version 9.706 MR6. 
    This version is currently expected to be release by the End of November and this might get change based on other priorities.

    (but support has a fix available with the Exim 4.86 patch)

    On my side the patch will be done soon and I will test it and will report back to the community

    Jump to answer
Parents

  • ## UPDATED ##

    Hi Andi,

    I'm testing it at the moment and at this moment I encounter serious problems with the exim mta @ the utm.

    Result is no tls possible yet.

    Support case is created. When a solution is there I'll post the feedback.

    # UPDATE 10 September 2020 #

    Currently a support case is created. Preliminary research pointed out the following:

    current exim version does not support ECC at all. (https://bugs.exim.org/show_bug.cgi?id=1397)

    Errors in the smtp.log will show the following:

    error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

    TLS client disconnected cleanly (rejected our certificate?)

    This is supposed to go direction GES/DEV in a short while. 

    I'll keep you updated on this.

     

     

    Regards,

     

    Arno

Reply

  • ## UPDATED ##

    Hi Andi,

    I'm testing it at the moment and at this moment I encounter serious problems with the exim mta @ the utm.

    Result is no tls possible yet.

    Support case is created. When a solution is there I'll post the feedback.

    # UPDATE 10 September 2020 #

    Currently a support case is created. Preliminary research pointed out the following:

    current exim version does not support ECC at all. (https://bugs.exim.org/show_bug.cgi?id=1397)

    Errors in the smtp.log will show the following:

    error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

    TLS client disconnected cleanly (rejected our certificate?)

    This is supposed to go direction GES/DEV in a short while. 

    I'll keep you updated on this.

     

     

    Regards,

     

    Arno

Children
No Data