> On 10/1/22 16:16, Viktor Dukhovni wrote:
>> 4096-bit RSA certificates mostly work, but are pointless crypto
>> exhibitionism, waste CPU, can run into client implementation
>> limitations, and so are not a good idea.

On 01.10.22 17:20, Shawn Heisey wrote:
> My cert from letsencrypt is 4096 bit.

Yes, Let's Encrypt clients generate 4096-bit keys by default, which is
silly because the intermediate R3 certificate is only 2048-bit.
I configure Let's Encrypt clients to create 2048-bit keys.

> At the link below is part of a
> report from SSL labs indicating which browsers can't handle my
> settings for https:
>
> https://www.dropbox.com/s/o1il6wbst3seuid/browser_compatibility_4096_bit.png?dl=0
>
> The browsers that don't work are ones that I don't care about. The
> vast majority of users will have something newer.

Browsers don't communicate with postfix, MTAs and MUAs do.
Thus, you can get into trouble with otherwise perfect MUAs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."