On Sat, Oct 01, 2022 at 09:32:49PM +0000, Eddie Rowe wrote:
> > You should have at least an RSA certificate (2048-bit key, not more), and
> > only
>
> I do not recall seeing this on the PostFix web site that discusses TLS
> settings as I struggle to setup TLS with our existing wildcard
> certificate. Can you confirm a 4096-bit certificate will not work?
4096-bit RSA certificates mostly work, but are pointless crypto
exhibitionism, waste CPU, can run into client implementation
limitations, and so are not a good idea.
--
Viktor.
