You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As of writing, gromox/{imap,pop3} don't seem to support RSA- and ECDSA-based SSL certificates in parallel. According to the code in mra/imap/imap_parser.cpp:154SSL_CTX_use_PrivateKey_file() is used, which only handles the first private key. The expectation is however to have both certificate types in parallel supported for hybrid setups, to cover legacy and modern clients. This equals at NGINX to the repeated usage of ssl_certificate and ssl_certificate_key (once for RSA, once for ECDSA). Any chance to have this in the future?
As of writing,
gromox/{imap,pop3}
don't seem to support RSA- and ECDSA-based SSL certificates in parallel. According to the code in mra/imap/imap_parser.cpp:154SSL_CTX_use_PrivateKey_file()
is used, which only handles the first private key. The expectation is however to have both certificate types in parallel supported for hybrid setups, to cover legacy and modern clients. This equals at NGINX to the repeated usage ofssl_certificate
andssl_certificate_key
(once for RSA, once for ECDSA). Any chance to have this in the future?Technical Guideline TR-02102-2: Cryptographic Mechanisms: Recommendations and Key Lengths from the German Federal Office for Information Security ("BSI") recommends ECDSA-based ciphers, which unfortunately can currently not be configured in
gromox/{imap,pop3}
.The text was updated successfully, but these errors were encountered: