Hi all,
testing my TLSA setup here
https://www.huque.com/bin/danecheck
always fails with the EC cert, while the RSA cert succeeds:
DNS TLSA RRset:
qname: _25._tcp.tmx3.lrau.net.
3 0 1 0b3eae57d593d773cf6582d5e59f26681716678fd86535fef867dec1708e45b2
3 0 1 de449278a5c30ab0e50a3ed89d31e6625847cd884247b40230f8c866a2d65120
IP Addresses found:
2a05:bec0:26:18::91
91.216.35.191
## Checking tmx3.lrau.net 2a05:bec0:26:18::91 port 25
DANE TLSA 3 0 1 [0b3eae57..]: FAIL did not match EE certificate
DANE TLSA 3 0 1 [de449278..]: OK matched EE certificate
I have verified the TLSA hash of the ec cert here
https://www.huque.com/bin/gen_tlsa
I tried without tls_require_ciphers, and with
tls_require_ciphers = ECDSA:RSA:HIGH:!MD5:!SHA1:!COMPLEMENTOFDEFAULT
but it fails either way.
Axel
PS:
tls_certificate = /usr/local/etc/exim/tmx3.lrau.net_server_ec_cert_cacert.pem : \
/usr/local/etc/exim/tmx3.lrau.net_server_cert_cacert.pem
tls_privatekey = /usr/local/etc/exim/tmx3.lrau.net_server_ec_key.pem : \
/usr/local/etc/exim/tmx3.lrau.net_server_key.pem
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius
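For readers following the danecheck output above, here is the check it performs per TLSA record, written out as an added example (not code from Axel's post, from Exim or from danecheck). A usage-3 (DANE-EE) record is compared only against the end-entity certificate the server actually presented in that TLS session, so a "3 0 1" record whose hash is correct for the EC certificate (which gen_tlsa confirms) still reports FAIL whenever the handshake selected the RSA chain, and the RSA record reports OK. The certificates in the block are constructed DER skeletons around placeholder key bytes; the DER helpers and the names fake_spki, fake_cert, EC_CERT, RSA_CERT and RRSET are this example's own assumptions.

```python
"""Added example (not from the post or from Exim): the per-record check a DANE
client such as danecheck makes for usage-3 (DANE-EE) TLSA records. The
certificates are constructed by hand and hold no real keys; the DER helpers
assume well-formed input and are not a general ASN.1 parser."""
import hashlib
from dataclasses import dataclass

def der_tlv(tag, body):
    """Encode one DER TLV in definite-length form."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_read(buf, pos=0):
    """Decode the TLV at pos; return (tag, value, end_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length

def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of an X.509 certificate (RFC 5280 4.1)."""
    _, cert_body, _ = der_read(cert_der)
    _, tbs_body, _ = der_read(cert_body)        # tbsCertificate is the first element
    fields, pos = [], 0
    while pos < len(tbs_body):                  # split tbsCertificate into its TLVs
        tag, _, end = der_read(tbs_body, pos)
        fields.append((tag, tbs_body[pos:end]))
        pos = end
    idx = 1 if fields[0][0] == 0xA0 else 0      # optional EXPLICIT [0] version
    # then: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[idx + 5][1]

@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    mtype: int
    data: bytes

    @classmethod
    def parse(cls, presentation):
        """Parse the zone-file form '3 0 1 <hex>' (RFC 6698 section 2.2)."""
        u, s, m, hexdata = presentation.split()
        return cls(int(u), int(s), int(m), bytes.fromhex(hexdata))

def tlsa_matching_data(cert_der, selector, mtype):
    """What the record's association data must equal for this certificate."""
    obj = cert_der if selector == 0 else extract_spki(cert_der)   # Cert / SPKI
    if mtype == 0:
        return obj                                # Full
    if mtype == 1:
        return hashlib.sha256(obj).digest()       # SHA2-256
    if mtype == 2:
        return hashlib.sha512(obj).digest()       # SHA2-512
    raise ValueError(f"unknown matching type {mtype}")

def check_dane_ee(cert_der, rrset):
    """Map each usage-3 record (keyed by its data prefix) to match / no match."""
    verdicts = {}
    for rr in rrset:
        if rr.usage == 3:                         # other usages need chain checks
            verdicts[rr.data[:4].hex()] = tlsa_matching_data(cert_der, rr.selector, rr.mtype) == rr.data
    return verdicts

# Constructed sample certificates: valid DER structure around placeholder keys.
def fake_spki(key_bytes, alg_oid_hex):
    algid = der_tlv(0x30, der_tlv(0x06, bytes.fromhex(alg_oid_hex)))   # parameters omitted
    return der_tlv(0x30, algid + der_tlv(0x03, b"\x00" + key_bytes))

def fake_cert(spki):
    alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2A8648CE3D040302")))   # ecdsa-with-SHA256
    utc = der_tlv(0x17, b"240101000000Z")
    tbs = der_tlv(0x30, b"".join([
        der_tlv(0xA0, der_tlv(0x02, b"\x02")),    # [0] version v3
        der_tlv(0x02, b"\x01"),                   # serialNumber
        alg,                                      # signature
        der_tlv(0x30, b""),                       # issuer (empty Name)
        der_tlv(0x30, utc + utc),                 # validity
        der_tlv(0x30, b""),                       # subject
        spki,
    ]))
    return der_tlv(0x30, tbs + alg + der_tlv(0x03, b"\x00" * 9))   # placeholder signature

EC_CERT = fake_cert(fake_spki(b"\x04" + b"\x11" * 64, "2A8648CE3D0201"))   # id-ecPublicKey
RSA_CERT = fake_cert(fake_spki(b"\x22" * 256, "2A864886F70D010101"))       # rsaEncryption
RRSET = [TLSA(3, 0, 1, hashlib.sha256(c).digest()) for c in (EC_CERT, RSA_CERT)]  # one '3 0 1' per cert

if __name__ == "__main__":
    # The session negotiated RSA, so only RSA_CERT was presented: one FAIL, one OK.
    for prefix, ok in check_dane_ee(RSA_CERT, RRSET).items():
        print(f"DANE TLSA 3 0 1 [{prefix}..]: {'OK' if ok else 'FAIL'}")
```

Running it reproduces the shape of the danecheck report: with the RSA certificate presented, the EC record is the one marked FAIL even though its hash is correct for the EC certificate. Publishing one record per certificate, as the RRset above does, is the right setup for a server that can serve either chain; the entry for the other chain can only be verified with a client whose handshake makes the server select that chain.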