> On 29 July 2018 at 23:39 ѽ҉ᶬḳ℠ <[email protected]> wrote: > > > > >> facing [ no shared cipher ] error with EC private keys. > > the client connecting to your instance has to support ecdsa > > > > > > It does - Thunderbird 60.0b10 (64-bit) > > [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] > > It seems there is a difference between the private key (rsa vs. ecc -> > SSL_CTX?) used for the certificate signing request and the signed > certificate. > > The csr created from a private key with [ openssl genpkey -algorithm RSA > ] and signed by a CA with [ ecdhe_ecdsa ] works with no error. > > But as stated in the initial message it does not work if the private key > for the csr is generated with [ openssl ecparam -name brainpoolP512t1 > -genkey ]. > >
Can you try, with your ECC cert, openssl s_client -connect server:143 -starttls imap and paste result? Aki
