Author: Mike Tubby Date: To: Exim User List Subject: [exim] Exim TLS with ECC/ECDHE gives "incompatible objects" error
I have a setup with three public email relays (relay[1-3].thorcom.net)
each of which runs Exim 4.86 on Ubuntu 14.04 LTS with a fairly
heavy-weight anti-false email/anti-malware measures (RBL, SPF, DKIM,
Sender Verify, Recipient Verify, SRS, SpamAssassin, ClamAV, etc. etc.)
I run Exim on my personal box at home which has used a self-signed
RSA-2048 bit key for ages.
Tonight I have replaced the key with a shiny new Comodo PositiveSSL
multi-domain key/certificate that uses 384-bit ECC (curve secp384r1).
The new key works fine serving web pages via nginx but when I point Exim
to my new key/cert my box reports error 10071065 "elliptic curve
routines:EC_POINT_cmp:incompatible objects" on incoming connections from
remote hosts (ie. my relay servers) that present STARTTLS - see below...
Can anyone shed any light on this? and/or suggest a fix?
Mike
2016-03-26 23:47:14 CRYPTO: Client 195.171.43.34:47220 issued STARTTLS
2016-03-26 23:47:14 TLS error on connection from relay2.thorcom.net
[195.171.43.34] (SSL_CTX_use_PrivateKey_file
file=/etc/ssl/public.tubby.org.key): error:10071065:elliptic curve
routines:EC_POINT_cmp:incompatible objects
2016-03-26 23:47:14 1ajxvG-0008PR-Ks <=
exim-users-bounces+mike=tubby.org@??? H=relay2.thorcom.net
[195.171.43.34] P=esmtp S=4270
id=mailman.0.1459036032.25222.exim-users@??? T="Welcome to the
\"Exim-users\" mailing list"
2016-03-26 23:47:14 1ajxvG-0008PR-Ks => mike <mike@???>
R=localuser T=local_delivery
2016-03-26 23:47:14 1ajxvG-0008PR-Ks Completed
