On Wed, Sep 28, 2022 at 05:08:37PM +0200, Cyborg via Exim-users wrote: > But your key is a bit short. I suggest to upgrade it to at least 4096 bits.
I strongly disagree. There's no need to be a crypto exhibitionist/maximalist. The vast majority of issuing CA RSA keys are 2048-bits. The use of 4096-bit keys is pointless waste of CPU, especially given that these are *authentication* keys, not encryption keys, so don't need to remain secure after they're replaced. And keep in mind tht SMTP clients mostly still ignore the server certificate entirely. -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/