>>>> facing [ no shared cipher ] error with EC private keys.
>>> the client connecting to your instance has to support ecdsa
>>>
>> It does - Thunderbird 60.0b10 (64-bit)
>>
>> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
>>
>> It seems there is a difference between the private key (rsa vs. ecc ->
>> SSL_CTX?) used for the certificate signing request and the signed
>> certificate.
>>
>> The csr created from a private key with [ openssl genpkey -algorithm RSA
>> ] and signed by a CA with [ ecdhe_ecdsa ] works with no error.
>>
>> But as stated in the initial message it does not work if the private key
>> for the csr is generated with [ openssl ecparam -name brainpoolP512t1
>> -genkey ].
>>
>
> Can you show doveconf ssl_cipher_list?
>

Tried several variations, e.g. ALL, ALL:HIGH:MEDIUM:LOW, and right now it is set to

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384

which is working fine when the csr was created from a private key with the RSA algorithm, but not if the csr key is generated with an EC key.
