Re: [exim] Available ciphers with stock Debian (gnutls) exim

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] Available ciphers with stock Debian (gnutls) exim
On Sat, Jul 13, 2019 at 02:16:22PM +0100, Russell King via Exim-users wrote:

> Maybe someone can provide some hints what Key Usage should be set for an
> exim server certificate. According to Red Hat's website:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.0/html/Admin_Guide/Standard_X.509_v3_Certificate_Extensions.html
>
> leads me to think that only keyEncipherment and keyAgreement need be
> set - this is what I had originally, and gnutls refused to offer any
> EC ciphers.


For RSA certs what you should have is:

    1. digitalSignature:  Allows the server to perform authenticated
                      ephemeral Diffie-Hellman key exchange, by
              signining the key exchange messages.


    2. ?keyExcipherment:  Allows the server to use legacy RSA "key
              transport".  This does not offer forward-
              secrecy, and may be vulnerable to various
              side-channel attacks when implementations
              don't handle both good and bad keys in
              constant time.  So best avoided, but not
              offering RSA key transport may break
              interoperability with very old non-PFS
              clients.


At some point (perhaps already in the past) you'll want *just* 1, but
for now perhaps also 2.

> Adding digitalSignature and nonRepudiation to the cert seems to have
> allowed gnutls to enable EC ciphers, but I don't understand why based
> on the description above.


The nonRepudiation bit is not relevant. TLS is not used for content
commitment (signing contracts, ...).

-- 
    Viktor.