On Sun, Nov 23, 2025 at 11:04:20 +1100, Viktor Dukhovni via Postfix-users wrote:
> So in practice, for most users, your "chain files" should have just an
> RSA (2048-bit) or just an ECDSA (P-256) certificate. You don't need
> multiple chains, unless you're particularly sophisticated in your needs
> and understanding.
Hi Viktor,
Are you sure that just an ECDSA certificate is sufficient nowadays?
(without RSA fallback)
>From my data, I still see a tiny but non-zero amount of senders that only
support RSA, including some high-profile ones (banks).
And it's usually not because of an outdated implementation, as e.g. they
do support AES-GCM over TLSv1.2, or even TLSv1.3, and still negotiate RSA.
So I suspect it's rather a configuration issue: having an RSA certificate
on the server side, they perhaps disabled ECDSA completely, unknowingly
also impacting their client side TLS capabilities?
> Fortunately, all clients that expect to communicate on today's Internet
> support both RSA and ECDSA, since a large fraction of servers have
> certificates for one of these and not the other.
No, unfortunately, RSA-only clients won't fail to communicate with
ECDSA-only servers; they will just fall back to clear text. :-(
Geert
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
