On 12/04/2021 21:39, The Doctor via Exim-users wrote:
Does Exim support 8192 bit SSL keys?
Nothing works until it's been tried, and I've not personally tested 8k (or even 4k) keys in certs. The regression tests use 2k key for RSA and (it looks like) a nistp521 key for EC. I can't comment on other EC variants, but apart from buffer sizes I'd expect the only limitations to be in the crypto library in use. I agree with Viktor, use EC. Until we hit the cryptapocalypse they are much preferred. Ed25519 works for DKIM keys, though you need to worry whether the MTAs you talk to also support them. You can dual-sign with an RSA and an EC key. The tests use 512b (I know; deprecated...) and 1k keys for DKIM/RSA, and Ed25519 for DKIM/EC. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
