On Sat, Jul 13, 2019 at 01:52:50PM +0100, Russell King via Exim-users wrote:
> On Sat, Jul 13, 2019 at 01:32:34PM +0100, Russell King via Exim-users wrote:
> > Maybe it's something to do with the certs/key?
>
> ... and it was - the wrong usage on the cert. Now fixed.

Maybe someone can provide some hints what Key Usage should be set for an
exim server certificate.

According to Red Hat's website:

https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/8.0/html/Admin_Guide/Standard_X.509_v3_Certificate_Extensions.html

leads me to think that only keyEncipherment and keyAgreement need be set -
this is what I had originally, and gnutls refused to offer any EC ciphers.

Adding digitalSignature and nonRepudiation to the cert seems to have
allowed gnutls to enable EC ciphers, but I don't understand why based on
the description above.

Can someone say definitively what key usages should be set and which
should not be set for an exim server and explain why for each?

Thanks.

--
Russell King
