similar to: RSA+ECC certificates

hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)

Hi All, I think I know the answer. However, I would like to confirm my understanding. Does openssh support the usage of ecc keys? Any plan for supporting ecc keys? Thanks, Erwin

Hello, The client in question is the latest version of AquaMail running on android. Thanks. Dave. On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > You should, in practice, enable both. This gives best client compability. It > is possible you have clients that cannot understand ECC certificates? You > can use ssl_alt_cert to provide RSA cert too. > > Aki >

I don't know how to get both RSA and ECC cert from letsencrypt. Aki > On 30 July 2018 at 20:43 David Mehler <dave.mehler at gmail.com> wrote: > > > Hello, > > What acme implementation do you use for your letsencrypt certificates? > If it's acme.sh how do you get both rsa and ecc certificates? What > configuration options are you using in your

On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > Lack of time on the Open Source projects is understandable, and not uncommon. > > However, PKCS11 has been in the codebase practically forever - the ECC > patches that I saw did not alter the API or such. It is especially > non-invasive when digital signature is concerned. > > Considering how long those patches have

Hi, Thanks, good news is that worked. Bad news is it all looks good which means I do not know hwhy my remote clients can't get their email, looked like from the logs it was that. Would 143 be better or 993 for the external clients? Thanks. Dave. On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > >> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com>

Hello, Does dovecot 2.3.x have any issues recognizing or using certificates that are ECC and wildcard? I'm trying to switch my letsencrypt implementation from acme-client which does not support either of those capabilities to acme.sh which does. Since then external clients checking their email has not worked. A manual telnet to mail.example.com 993 gives a connected message but then nothing

Hello, I have discovered what I believe is the issue after hearing back from Aquamail. And that is that android 7 which I'm running 7.0 that is, only supports up to the p256 ecc curve. This brings up a question to users of letsencrypt, when you revoke a certificate does it take it out on the usage as well? I've got one domain that says i've issued to many certificates for it and no

Hello Has any one have any experience in ECC RAM Errors. we are seeing ECC fault Errors but I am not sure if it can be related to RAM it self or it is related to bad connection and noise. please let me know if you have a good document regarding ECC Errors, specially I want to know if data will be retransmitted when error happens. 02:00:31, Thursday, 10/11/2007 : EXCEPTION: ECC Error Interrupt

Hi, I was trying to get OpenSSH portable working with my Yubikey.? A key was present on the token but generated using the ECCP384 algorithm. This lead to many obscure goose-chase red-herring error messages from OpenSSH such as the delightful "Could not add card : agent refused operation" or other nonsense that was meaningless and unhelpful. Many hours later in Mr Google's company,

Hello, What acme implementation do you use for your letsencrypt certificates? If it's acme.sh how do you get both rsa and ecc certificates? What configuration options are you using in your configuration of services to allow access to both rsa and ecc? Thanks. Dave. On 7/30/18, David Mehler <dave.mehler at gmail.com> wrote: > Hello, > > The client in question is the latest

That is one of the reasons I do not bother since long with public CAs but rather deploy my own, including own OSCP responder. Which has of course has some drawbacks like redundancy, resilience, bandwidth provision, geographical spread, implementing CA security standards and CA trust in clients. Latter though could be easily overcome if browser and email clients were to support DNSSEC/DANE

https://wiki.dovecot.org/SSL/DovecotConfiguration says: "Since v2.3.3+ Diffie-Hellman parameters have been made optional, and you are encouraged to disable non-ECC DH algorithms completely." and a bit later: "From version 2.3, you must specify path to DH parameters file using ssl_dh=</path/to/dh.pem" So. 1. Is ssl_dh an optional or a must? 2. I've disabled ssl_dh

You should, in practice, enable both. This gives best client compability. It is possible you have clients that cannot understand ECC certificates? You can use ssl_alt_cert to provide RSA cert too. Aki > On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote: > > > Hi, > > Thanks, good news is that worked. Bad news is it all looks good which > means I

After update from centos 6.6 to centos 6.7 and reboot it, I have get a lot of this error into /var/log/messages: > May??3 11:27:20 s-virt kernel: EDAC MC0: CE row 2, channel 1, label > "": (Branch=0 DRAM-Bank=2 RDWR=Read RAS=6093 CAS=896, CE Err=0x10000 > (Correctable Patrol Data ECC)) > May??3 11:27:21 s-virt kernel: EDAC MC0: CE row 2, channel 1, label > "":

I started to receive this kind of messages a few days ago on one of my servers: Message from syslogd@ at Mon Apr 29 08:02:55 2013 ... server1 kernel: EDAC MC0: UE row 0, channel-a= 0 channel-b= 1 labels "-": (Branch=0 DRAM-Bank=0 RDWR=Read RAS=0 CAS=0, UE Err=0x2 (Aliased Uncorrectable Non-Mirrored Demand Data ECC)) I've never had ECC memory to fail on me before, so now I am

> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com> wrote: > > > Hello, > > Does dovecot 2.3.x have any issues recognizing or using certificates > that are ECC and wildcard? I'm trying to switch my letsencrypt > implementation from acme-client which does not support either of those > capabilities to acme.sh which does. Since then external

On Sun, 12 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > Tone aside, let me second what Bob said. OpenSSH maintainers seem to > be able to find time for many updates and upgrades - but ECC support > over PKCS#11 appears to repulse them for more than two years (I don't > care to check for exactly how many more). There's no "repulsion" involved, just a lack of

PKCS#11 support for ECC should have been integrated years ago. Let's not complicate it now, just integrate the existing patches so that people stuck with EC keys at least can use them somehow... Jan Sent from my iPhone > On 14 Aug 2018, at 17:04, Ben Lindstrom <mouring at offwriting.org> wrote: > > Wasn't there a proposal at one time to create something like

Is there a method to view the status of the rams ecc single or double bit errors? I would like to confirm that ecc on my xeon e5520 and ecc ram are performing their role since memtest is ambiguous. I am running memory test on a p6t6 ws, e5520 xeon, 2gb samsung ecc modules and this is what is on the screen: Chipset: Core IMC (ECC : Detect / Correct) However, further down "ECC" is