On Sat, Jul 13, 2019 at 02:16:22PM +0100, Russell King via Exim-users wrote:
> Maybe someone can provide some hints what Key Usage should be set for an
> exim server certificate. According to Red Hat's website:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.0/html/Admin_Guide/Standard_X.509_v3_Certificate_Extensions.html
>
> leads me to think that only keyEncipherment and keyAgreement need be
> set - this is what I had originally, and gnutls refused to offer any
> EC ciphers.
For RSA certs what you should have is:
1. digitalSignature: Allows the server to perform authenticated
ephemeral Diffie-Hellman key exchange, by
signining the key exchange messages.
2. ?keyExcipherment: Allows the server to use legacy RSA "key
transport". This does not offer forward-
secrecy, and may be vulnerable to various
side-channel attacks when implementations
don't handle both good and bad keys in
constant time. So best avoided, but not
offering RSA key transport may break
interoperability with very old non-PFS
clients.
At some point (perhaps already in the past) you'll want *just* 1, but
for now perhaps also 2.
> Adding digitalSignature and nonRepudiation to the cert seems to have
> allowed gnutls to enable EC ciphers, but I don't understand why based
> on the description above.
The nonRepudiation bit is not relevant. TLS is not used for content
commitment (signing contracts, ...).
--
Viktor.
