On 21.12.2014 at 20:03, Evgeniy Berdnikov wrote:
  The first step in debugging should be cleaning up the configuration.
  If you have doubts, separate your private key and certificates,
  placing them into different files.

After testing some more, I've come to the following conclusions:

* Putting key and certificate in one file is fine.

* A key length of 4096 bit is fine.

* A certificate hash with SHA-512 is not fine. I need to use SHA-256
  instead.

Both Thunderbird and 'openssl s_client' work fine with a new certificate with a shorter hash size. Okay. It wasn't really necessary to use such paranoid settings, but I wanted to know what works. Now it seems that GnuTLS is limiting this while OpenSSL and other libraries can handle it. That's interesting.

--
Yves Goergen
http://unclassified.de
http://dev.unclassified.de

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
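
One way to check which hash a certificate is signed with, including when key and certificate share one PEM file as in the message above. This is an added example, not part of the original message; the function names, the CN `mail.example.test` and the throwaway 2048-bit keys are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. All names and sample certificates here are constructed.

# Create a throwaway self-signed certificate signed with the given digest
# and write key + certificate into ONE file.
# $1 = digest (sha256 | sha512), $2 = output PEM file
make_combined_pem() {
    tmpdir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -"$1" -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$tmpdir/key.pem" -out "$tmpdir/cert.pem" 2>/dev/null \
        || { rm -rf "$tmpdir"; return 1; }
    cat "$tmpdir/key.pem" "$tmpdir/cert.pem" > "$2"
    rm -rf "$tmpdir"
}

# Print the signature algorithm of the first certificate in a PEM file.
# openssl x509 skips the private key block and reads the CERTIFICATE block.
# $1 = PEM file
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

# Demonstration: build one certificate per digest and report what each
# one is actually signed with.
demo_dir=$(mktemp -d)
for digest in sha512 sha256; do
    if make_combined_pem "$digest" "$demo_dir/$digest.pem"; then
        echo "$digest.pem: $(cert_sig_alg "$demo_dir/$digest.pem")"
    fi
done
rm -rf "$demo_dir"
```

Running `cert_sig_alg` against the file the server is configured with shows which digest that certificate uses before a client is tested against it.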
