Re: [exim] 8192 length SSL keys

Top Page
Delete this message
Reply to this message
Author: The Doctor
Date:  
To: Jeremy Harris
CC: exim-users
Subject: Re: [exim] 8192 length SSL keys
On Mon, Apr 12, 2021 at 10:53:46PM +0100, Jeremy Harris via Exim-users wrote:
> On 12/04/2021 21:39, The Doctor via Exim-users wrote:
> > Does Exim support 8192 bit SSL keys?
>
> Nothing works until it's been tried, and I've not
> personally tested 8k (or even 4k) keys in certs.
> The regression tests use 2k key for RSA
> and (it looks like) a nistp521 key for EC.
>
> I can't comment on other EC variants, but apart
> from buffer sizes I'd expect the only limitations
> to be in the crypto library in use.
>
>
> I agree with Viktor, use EC. Until we hit
> the cryptapocalypse they are much preferred.
>
> Ed25519 works for DKIM keys, though you need
> to worry whether the MTAs you talk to also
> support them. You can dual-sign with an RSA
> and an EC key.
> The tests use 512b (I know; deprecated...) and 1k
> keys for DKIM/RSA, and Ed25519 for DKIM/EC.


4K keys do work!

> -- 
> Cheers,
>    Jeremy

>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/


--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
A consequence-free mentality brings the most severe consequences. -unknown