Once upon a time, Alexander Huynh <[email protected]> said: > On 2022-08-21 19:46:31 +0000, Slavko via mailop wrote: > >Is that typo? AFAIK both these cipher suites are usable only > >with RSA certificate, they difers only by ephemeral key exchange > >algo... > > Sorry, you're right that it's a typo. I just re-tested and want to > clarify that: ECDHE-RSA-AES128-GCM-SHA256 is exclusive to RSA > certificates, and ECDHE-ECDSA-AES128-GCM-SHA256 is exclusive to EC > certificates, which is less widely supported by other MTAs. > > I've hobbled up a script to enumerate ciphersuites at > https://gist.github.com/ahrex/8d2c15086a116bb9388424c40687f20f,
There's also the nmap script to do enumeration (although it doesn't work against some STMP servers, it seems to for most). On my Fedora Linux system, you can use it like: nmap -Pn -sV --script /usr/share/nmap/scripts/ssl-enum-ciphers -p 25 gmail-smtp-in.l.google.com Also, I believe you can offer both RSA and EC certs, so shouldn't be a negative to getting an EC cert (you just need to have RSA too). -- Chris Adams <[email protected]> _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
