On Tue, May 13, 2014 at 08:22:46AM +0100, SW wrote:
> I'll leave it configured as you have mentioned for now. When OpenSSL 1.0.2
> is released I will change it back to how it should be.
>
> Is there any way I can send/receive a test email that makes use of an ECDSA
> cert? As expected, all the current TLS connections in the logs are for RSA
> certs.
Since you're controlling the server, all you need to do is configure a
client that, all else being equal, prefers ECDSA to RSA. With OpenSSL
1.0.0 or greater, a cipherlist something like:

    aRSA:-aRSA:aECDSA:-aECDSA:kRSA:-kRSA:kEDH:-kEDH:kEECDH:-kEECDH:AESGCM:-AESGCM:AES128:CAMELLIA128:3DES:RC4:!EXPORT:!LOW:!MD5:!aNULL:!aDSS:!kSRP:!aPSK:!aECDH

will give you 128-bit AES and CAMELLIA, followed by 3DES and 128-bit RC4,
with ECDSA preferred to RSA, kEECDH and kEDH preferred to RSA key
transport, and AESGCM preferred to other block cipher modes.

-- 
	Viktor.
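Added example, not part of Viktor's mail: a small Python model of how OpenSSL orders a cipherlist, run over a constructed toy cipher table, to show why the repeated "X:-X" prefixes above put the last-named group first. The rule semantics it encodes (add appends in master-list order, delete moves matches to the head of the master list, "!" drops permanently, "+" moves to the tail) are my reading of OpenSSL 1.0.x behaviour, and the cipher table is a made-up subset, not OpenSSL's real one.

```python
# Model of OpenSSL cipherlist ordering (an assumption about OpenSSL's rule
# semantics, not its code):
#   X   add:   matching INACTIVE suites move to the tail of the master list, active
#   -X  del:   matching ACTIVE suites move to the HEAD of the master list, inactive,
#              so the next add that matches them places them first
#   +X  order: matching active suites move to the tail
#   !X  kill:  matching suites are dropped for good
# Constructed toy table (name, alias tags), deliberately listing RSA key
# transport before ECDHE so the reordering effect is visible.
CIPHERS = [
    ("AES128-SHA",                    {"kRSA", "aRSA", "AES128"}),
    ("AES128-GCM-SHA256",             {"kRSA", "aRSA", "AES128", "AESGCM"}),
    ("DHE-RSA-AES128-SHA",            {"kEDH", "aRSA", "AES128"}),
    ("ECDHE-RSA-AES128-SHA",          {"kEECDH", "aRSA", "AES128"}),
    ("ECDHE-RSA-AES128-GCM-SHA256",   {"kEECDH", "aRSA", "AES128", "AESGCM"}),
    ("ECDHE-ECDSA-AES128-SHA",        {"kEECDH", "aECDSA", "AES128"}),
    ("ECDHE-ECDSA-AES128-GCM-SHA256", {"kEECDH", "aECDSA", "AES128", "AESGCM"}),
    ("ECDHE-ECDSA-RC4-SHA",           {"kEECDH", "aECDSA", "RC4"}),
    ("RC4-MD5",                       {"kRSA", "aRSA", "RC4", "MD5"}),
    ("EXP-RC4-MD5",                   {"kRSA", "aRSA", "RC4", "MD5", "EXPORT"}),
    ("AECDH-AES128-SHA",              {"kEECDH", "aNULL", "AES128"}),
]

# The cipherlist from the mail above.
CIPHERLIST = ("aRSA:-aRSA:aECDSA:-aECDSA:kRSA:-kRSA:kEDH:-kEDH:kEECDH:-kEECDH:"
              "AESGCM:-AESGCM:AES128:CAMELLIA128:3DES:RC4:"
              "!EXPORT:!LOW:!MD5:!aNULL:!aDSS:!kSRP:!aPSK:!aECDH")


def apply_cipherlist(spec, table=CIPHERS):
    """Return active suite names in preference order for an OpenSSL-style spec."""
    nodes = [[name, tags, False] for name, tags in table]   # [name, tags, active]
    for rule in spec.split(":"):
        op, alias = (rule[0], rule[1:]) if rule[0] in "!-+" else ("", rule)
        if op == "!":
            nodes = [n for n in nodes if alias not in n[1]]
            continue
        # add acts on inactive suites; del/order act on active ones.
        hit = [n for n in nodes if alias in n[1] and n[2] == (op != "")]
        hit_ids = {id(n) for n in hit}
        rest = [n for n in nodes if id(n) not in hit_ids]
        for n in hit:
            n[2] = (op != "-")            # del deactivates, add/order leave active
        nodes = hit + rest if op == "-" else rest + hit
    return [n[0] for n in nodes if n[2]]


if __name__ == "__main__":
    print("plain :", apply_cipherlist("AES128:RC4:!EXPORT:!MD5:!aNULL"))
    print("viktor:", apply_cipherlist(CIPHERLIST))
```

The "plain" spec keeps the table's own order (RSA key transport first); the mail's spec yields AESGCM first, then within each mode kEECDH before kEDH before kRSA, and ECDSA before RSA.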