On 21.12.2014 at 20:03, Evgeniy Berdnikov wrote:
> The first step in debugging should be cleaning up the configuration.
> If you have doubts, separate your private key and certificates,
> placing them into different files.
After testing some more, I've come to the following conclusions:
* Putting key and certificate in one file is fine.
* A key length of 4096 bits is fine.
* A certificate hash with SHA-512 is not fine. I need to use SHA-256
instead.
Both Thunderbird and 'openssl s_client' work fine with a new certificate
with a shorter hash size. Okay. It wasn't really necessary to use such
paranoid settings, but I wanted to know what works. Now it seems that
GnuTLS is limiting this while OpenSSL and other libraries can handle it.
That's interesting.
--
Yves Goergen
http://unclassified.de
http://dev.unclassified.de
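
Added example, not part of the original message: one way to check which signature hash a certificate in a combined key+certificate PEM file uses, and to create throwaway SHA-256 and SHA-512 test certificates for comparison. The function names, the subject `mail.example.test` and the 30-day lifetime are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Requires the openssl CLI.

# Print the signature algorithm of the first certificate in a PEM file.
# Works on a combined file: the private key block is skipped.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': *' '/Signature Algorithm/ { print $2; exit }'
}

# Create a self-signed test certificate signed with the given digest
# (sha256, sha512) and write key and certificate into one file.
# Arguments: digest, output file, RSA key size in bits (default 4096).
make_combined_pem() {
    digest=$1 out=$2 bits=${3:-4096}
    tmp=$(mktemp -d) || return 1
    # Subject and lifetime below are constructed sample values.
    openssl req -x509 -newkey "rsa:$bits" -nodes -"$digest" -days 30 \
        -subj "/CN=mail.example.test" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null ||
        { rm -rf "$tmp"; return 1; }
    cat "$tmp/key.pem" "$tmp/cert.pem" > "$out"
    rm -rf "$tmp"
}

# Usage, typed after sourcing this file:
#   make_combined_pem sha256 server-sha256.pem
#   make_combined_pem sha512 server-sha512.pem
#   cert_sig_alg server-sha256.pem
#   cert_sig_alg server-sha512.pem
```

Running `cert_sig_alg` against the file the server actually loads shows whether the deployed certificate is the SHA-512 or the SHA-256 variant before testing with a client.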