BIG THANKS TO SLAVKO :D
Am 05.01.24 um 14:38 schrieb Slavko via Exim-users:
> D?a 5. januára 2024 13:15:37 UTC používate? Cyborg via Exim-users <exim-users@lists.exim.org> napísal:
>
>> Exim(-> openssl) does not accept one specific TLS 1.2 cipher on incoming connections anymore.
>> Fact checked with s_client .... -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
> Do you use EC(DSA) or RSA certificate?
>
You may be on something:
Current:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
Previous:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
... exchanging the exim.pem from ec to rsa ...
** Working again ** :D
That's the Let's Encrypt switch => EC as the default.
## TO ALL ##
You have to request RSA Certs from LE , or this will to you too.
Of course, you or LE are not to blame if it happens, as the root cause
of this are other servers not keeping up with the crypto development in
the real world and missing EC support!
best regards,
Marius
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Am 05.01.24 um 14:38 schrieb Slavko via Exim-users:
> D?a 5. januára 2024 13:15:37 UTC používate? Cyborg via Exim-users <exim-users@lists.exim.org> napísal:
>
>> Exim(-> openssl) does not accept one specific TLS 1.2 cipher on incoming connections anymore.
>> Fact checked with s_client .... -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
> Do you use EC(DSA) or RSA certificate?
>
You may be on something:
Current:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
Previous:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
... exchanging the exim.pem from ec to rsa ...
** Working again ** :D
That's the Let's Encrypt switch => EC as the default.
## TO ALL ##
You have to request RSA Certs from LE , or this will to you too.
Of course, you or LE are not to blame if it happens, as the root cause
of this are other servers not keeping up with the crypto development in
the real world and missing EC support!
best regards,
Marius
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/