This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MTAs supporting TLS with ECC

Hi there,

 

I was wondering if anybody could estimate if the use of an elliptic curve certificate for mail TLS is supported by the most MTAs?

We gave that a try about 2 years ago but rolled back to an RSA cert because much MTAs dropped the connection.

 

I also did not find any statistics about the usage of that.

 

Kind regards,

Andi



This thread was automatically locked due to age.
Parents
  • Hallo Andi and welcome to the UTM Community!

    I Googled elliptic curve certificate mta acceptance rate and found this comment by Digicert:

    "While ECC has some benefits, there are also major drawbacks that you should consider before moving to ECC. Most importantly, not all browsers and servers support ECC certificates and support in mobile platforms has not been thoroughly tested. Another concern is that while ECC is faster overall, the ECC signature verification can be a computationally intensive task and may be slower than RSA on some devices."

    If you decide to try it and monitor the SMTP log, please let us know your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hallo Andi and welcome to the UTM Community!

    I Googled elliptic curve certificate mta acceptance rate and found this comment by Digicert:

    "While ECC has some benefits, there are also major drawbacks that you should consider before moving to ECC. Most importantly, not all browsers and servers support ECC certificates and support in mobile platforms has not been thoroughly tested. Another concern is that while ECC is faster overall, the ECC signature verification can be a computationally intensive task and may be slower than RSA on some devices."

    If you decide to try it and monitor the SMTP log, please let us know your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hi Bob,

     

    thanks for your answer.

    Yes, I also found this statement while searching about some kind of acceptance rate, statistics or something like that.

    Also I do not know when this was published.

     

    I think it would be easier to wait some more time and using an RSA-Certificate.

     

    Cheers,

    Andi