Thanks to pointers from this list, I now have ed25519 keys working as
expected.
My platform is opensuse 15.1.
Solution was to build exim-4.93 from source with GnuTLS.
My ISP's DNS tool is happy with the smaller ed25519 key.
Pity most MTAs (even gmail) don't recognise ed25519 yet, but the day
will come.
On 06/03/2020 09:59, Phil Pennock via Exim-users wrote:
> On 2020-03-05 at 09:02 +0000, Graham McAlister via Exim-users wrote:
>> Suspect my distro build uses openssl instead of gnutls and my version
>> of openssl is 1.1.0 but ed25519 support is in 1.1.1
>>
>> So, either I build exim to use gnutls, or I upgrade openssl to 1.1.1
>>
>> That's my plan, and will report back on results.
> Note that the Exim source ships with a documentation file `openssl.txt`
> to help with exactly this sort of situation: you need a different
> OpenSSL than is shipped by the OS, you need to custom-build it for Exim,
> you don't want to mess with any other installs or risk breaking anything
> else.
>
> -Phil
>
