Am 24.12.2013 04:03, schrieb Viktor Dukhovni:
On Tue, Dec 24, 2013 at 01:16:33AM +0100, li...@rhsoft.net wrote:
Deploying digests beyond SHA1 will cause interoperability problems
with systems that don't yet support the SHA2 family
Are you aware of systems / mailservers which would have a
On Tue, Dec 24, 2013 at 11:16:50AM +0100, li...@rhsoft.net wrote:
The symptom would be that your certificate chain is not verifiable,
verify error:num=7:certificate signature failure
Thank you for that.
Am I right that this does not break opportunistic TLS at a whole
for such
Am 24.12.2013 17:33, schrieb Viktor Dukhovni:
On Tue, Dec 24, 2013 at 11:16:50AM +0100, li...@rhsoft.net wrote:
The symptom would be that your certificate chain is not verifiable,
verify error:num=7:certificate signature failure
Thank you for that.
Am I right that this does not break
On Tue, Dec 24, 2013 at 05:45:21PM +0100, li...@rhsoft.net wrote:
Maybe a good idea to consider using the wildcard-certificate
with SHA2 for outgoing messages and order a 3072/SHA1 for the
MX and use the wildcard for all other services
You don't need to, and SHOULD NOT, configure a client
Am 24.12.2013 18:13, schrieb Viktor Dukhovni:
On Tue, Dec 24, 2013 at 05:45:21PM +0100, li...@rhsoft.net wrote:
Maybe a good idea to consider using the wildcard-certificate
with SHA2 for outgoing messages and order a 3072/SHA1 for the
MX and use the wildcard for all other services
You don't
On Tue, Dec 24, 2013 at 06:36:08PM +0100, li...@rhsoft.net wrote:
For me it looked logical that if I have the two params for
smtpd_ and there are identical for smtp_ they should be both
used with the same cert
smtpd_tls_cert_file = /etc/postfix/certs/localhost.pem
smtpd_tls_key_file =
Am 24.12.2013 19:13, schrieb Viktor Dukhovni:
On Tue, Dec 24, 2013 at 06:36:08PM +0100, li...@rhsoft.net wrote:
For me it looked logical that if I have the two params for
smtpd_ and there are identical for smtp_ they should be both
used with the same cert
smtpd_tls_cert_file =
I am receiving a Certificate Error when sending mail from K-9 on my
android. I do not receive any error on my PC client (Thunderbird).
I only have a self-signed public certificate and private key configured
for use by Postfix. Should I create my own Certificate Authority and cat
its
Original Message
Date: Tuesday, December 24, 2013 12:57:53 AM +1100
From: nanotek nano...@bsdbox.co
To: postfix-users@postfix.org
Subject: Certificate Error (android client)
I am receiving a Certificate Error when sending mail from K-9 on
my android. I do not receive
On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote:
Still, might be a good time to create my own CA and upgrade to 4096 bit
keys/certificates
You can deploy 4096-bit RSA key if it makes you feel more cool,
but there is little point in going beyond 2048-bit RSA at this
time. The further
On Mon, Dec 23, 2013 at 03:09:09PM +, Viktor Dukhovni wrote:
using SHA512 algorithms
TLSv1 and TLSv1.2 does not support negotiation of digest algorithms.
I meant TLSv1 and TLSv1.1, but typed TLSv1.2.
Speaking of TLSv1.2, does anyone have more information about:
Am 23.12.2013 16:09, schrieb Viktor Dukhovni:
On Tue, Dec 24, 2013 at 01:29:38AM +1100, nanotek wrote:
Still, might be a good time to create my own CA and upgrade to 4096 bit
keys/certificates
You can deploy 4096-bit RSA key if it makes you feel more cool,
but there is little point in
nanotek nano...@bsdbox.co wrote:
I am receiving a Certificate Error when sending mail from K-9 on my
android. I do not receive any error on my PC client (Thunderbird).
I only have a self-signed public certificate and private key configured
for use by Postfix. Should I create my own
On Tue, Dec 24, 2013 at 01:16:33AM +0100, li...@rhsoft.net wrote:
Deploying digests beyond SHA1 will cause interoperability problems
with systems that don't yet support the SHA2 family
Are you aware of systems / mailservers which would have a
problem with it?
Yes. Any OpenSSL based MTA,
14 matches
Mail list logo