Re: [exim] 8192 length SSL keys

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] 8192 length SSL keys
On Mon, Apr 12, 2021 at 02:39:41PM -0600, The Doctor via Exim-users wrote:

> Does Exim support 8192 bit SSL keys?


Even 4096-bit RSA keys are noticeably slow/bulky, none of the public CAs
are using anything stronger than 4096-bit RSA keys and most are using
2048. Why on earth would you want 8192 bits?

If you actually want practical strong keys, use ECDSA P256, Ed25519
or Ed449.

> IF so why is Thunderbird choking?


Wrong question IMHO, don't use 8192 bit RSA, it is not a good idea.

-- 
    Viktor.