Re: Postfix 2.8 not alone in enabling ECDHE ciphers.

2011-01-22 Thread Victor Duchovni
On Sat, Jan 22, 2011 at 10:24:35PM +0100, Ralf Hildebrandt wrote: > Incidentially, I recompiled Postfix against opensssl-1.0 yesterday :) > I still have to find out if the DFN-PKI-CA (which we're using) is > issuing certs on ECC keys There are no mainstream CAs issuing certificates for ECC public

Re: Postfix 2.8 not alone in enabling ECDHE ciphers.

2011-01-22 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > Incidentially, I recompiled Postfix against opensssl-1.0 yesterday :) > I still have to find out if the DFN-PKI-CA (which we're using) is > issuing certs on ECC keys > > I could just try that :) > Like... now :) Doesn't work. It triggers an error in the webinterface for th

Re: Postfix 2.8 not alone in enabling ECDHE ciphers.

2011-01-22 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > I can recommend this PDF: > http://blogs.sun.com/jyrivirkki/resource/ECC-TLS-BOF-6958.pdf > und dies hier in Deutsch: > http://www.weblearn.hs-bremen.de/risse/papers/IIAkolloq080115/elliptic.pdf > > Short: The 2007 PDF says that the best known attacks against ECC are > "wor

Re: Postfix 2.8 not alone in enabling ECDHE ciphers.

2011-01-22 Thread Ralf Hildebrandt
* lst_ho...@kwsoft.de : > May i ask what the big advantages of the new ciphers are? From what i > have heard they are somewhat faster and deemed to be more secure, but > is this urgently needed for TLS? I can recommend this PDF: http://blogs.sun.com/jyrivirkki/resource/ECC-TLS-BOF-6958.pdf und di

Re: Postfix 2.8 not alone in enabling ECDHE ciphers.

2011-01-22 Thread lst_hoe02
Zitat von Victor Duchovni : The Postfix 2.8 SMTP server will not be alone in enabling server-side Elliptic Curve Diffie-Hellman key-agreement. Hosted domains served by smtproutes.com (e.g. saybrook.edu) have ECDHE ciphers enabled: Trusted TLS connection established to saybrook.edu.pri

Postfix 2.8 not alone in enabling ECDHE ciphers.

2011-01-18 Thread Victor Duchovni
The Postfix 2.8 SMTP server will not be alone in enabling server-side Elliptic Curve Diffie-Hellman key-agreement. Hosted domains served by smtproutes.com (e.g. saybrook.edu) have ECDHE ciphers enabled: Trusted TLS connection established to saybrook.edu.pri-mx.smtproutes.com[174.36.154.1