Mail Protection: SMTP, POP3, Antispam and Antivirus MTAs supporting TLS with ECC

UTM Firewall requires membership for participation - click to join

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MTAs supporting TLS with ECC

Andreas Bux over 4 years ago

Hi there,

I was wondering if anybody could estimate if the use of an elliptic curve certificate for mail TLS is supported by the most MTAs?

We gave that a try about 2 years ago but rolled back to an RSA cert because much MTAs dropped the connection.

I also did not find any statistics about the usage of that.

Kind regards,

Andi

This thread was automatically locked due to age.

Top Replies

Arno van der Veen - IT's Secured over 3 years ago +2

## Latest Update ## The development team has planned to resolve this issue in the firmware version 9.706 MR6. This version is currently expected to be release by the End of November and this might get…

Parents

Arno van der Veen - IT's Secured over 3 years ago

## UPDATED ##

Hi Andi,

I'm testing it at the moment and at this moment I encounter serious problems with the exim mta @ the utm.

Result is no tls possible yet.

Support case is created. When a solution is there I'll post the feedback.

# UPDATE 10 September 2020 #

Currently a support case is created. Preliminary research pointed out the following:

current exim version does not support ECC at all. (https://bugs.exim.org/show_bug.cgi?id=1397)

Errors in the smtp.log will show the following:

error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

TLS client disconnected cleanly (rejected our certificate?)

This is supposed to go direction GES/DEV in a short while.

I'll keep you updated on this.

Regards,

Arno
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Arno van der Veen - IT's Secured over 3 years ago

## UPDATED ##

Hi Andi,

I'm testing it at the moment and at this moment I encounter serious problems with the exim mta @ the utm.

Result is no tls possible yet.

Support case is created. When a solution is there I'll post the feedback.

# UPDATE 10 September 2020 #

Currently a support case is created. Preliminary research pointed out the following:

current exim version does not support ECC at all. (https://bugs.exim.org/show_bug.cgi?id=1397)

Errors in the smtp.log will show the following:

error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

TLS client disconnected cleanly (rejected our certificate?)

This is supposed to go direction GES/DEV in a short while.

I'll keep you updated on this.

Regards,

Arno
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data