Re: [exim] 8192 length SSL keys

Góra strony
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Dla: exim-users
Temat: Re: [exim] 8192 length SSL keys
On 12/04/2021 21:39, The Doctor via Exim-users wrote:
> Does Exim support 8192 bit SSL keys?


Nothing works until it's been tried, and I've not
personally tested 8k (or even 4k) keys in certs.
The regression tests use 2k key for RSA
and (it looks like) a nistp521 key for EC.

I can't comment on other EC variants, but apart
from buffer sizes I'd expect the only limitations
to be in the crypto library in use.


I agree with Viktor, use EC. Until we hit
the cryptapocalypse they are much preferred.

Ed25519 works for DKIM keys, though you need
to worry whether the MTAs you talk to also
support them. You can dual-sign with an RSA
and an EC key.
The tests use 512b (I know; deprecated...) and 1k
keys for DKIM/RSA, and Ed25519 for DKIM/EC.
--
Cheers,
Jeremy