RSA based ciphers not working in Postfix smtpd


Post by Mail2GoCa »

Ever since installing and migrating to EFA 5, a handful of sending servers were unable to establish a TLS connection due to an inability to match ciphers.

Apparently the Let's Encrypt SSL certificate that was issued with the EFA scripts had a key type of ECDSA and not RSA.

I managed to get around this issue by changing the value

key_type = ecdsa

to

key_type = rsa

in the cert renewal conf file located at /etc/letsencrypt/renewal/

Once changed, I forced a cert renewal.

Now RSA based TLS ciphers are supported.
Post by shawniverson »

Let's Encrypt must've started defaulting to ecdsa. I wonder if I need to add an option for this.
Post by Mail2GoCa »

According to Certbot...

The type of key used by Certbot can be controlled through the --key-type option. You can use the --elliptic-curve option to control the curve used in ECDSA certificates and the --rsa-key-size option to control the size of RSA keys.
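
Added example, not part of the thread and not eFa or Certbot code: in TLS 1.2 the cipher suite names the certificate key type, so a server holding only an ECDSA certificate shares no suite with a sender that offers only RSA suites. The sketch below reads key_type from a renewal conf and filters a sender's offer accordingly; the conf text, host name and cipher lists are constructed, and the name-based classification is a simplification that assumes OpenSSL suite names.

```python
import re

# Constructed sample of a file under /etc/letsencrypt/renewal/ (not from the thread).
SAMPLE_CONF = """\
cert = /etc/letsencrypt/live/mail.example.test/cert.pem
[renewalparams]
authenticator = webroot
key_type = ecdsa
"""

# Constructed offers, using OpenSSL cipher suite names.
LEGACY_SENDER = ["ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
MODERN_SENDER = ["TLS_AES_256_GCM_SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256",
                 "ECDHE-RSA-AES128-GCM-SHA256"]

def renewal_key_type(conf_text):
    """Return the key_type set in a Certbot renewal conf, or None if absent."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*key_type\s*=\s*(\w+)\s*$", line)  # commented lines do not match
        if m:
            return m.group(1).lower()
    return None

def suite_auth(name):
    """Classify a suite by the certificate key type the server needs to select it."""
    if name.startswith("TLS_"):
        return "any"    # TLS 1.3: suite names no key type; signature algorithms are separate
    parts = name.split("-")
    if "ECDSA" in parts:
        return "ecdsa"
    if parts[0] in ("ADH", "AECDH") or any(p in parts for p in ("PSK", "DSS", "SRP")):
        return "other"  # anonymous, PSK, DSS, SRP: no RSA/ECDSA certificate involved
    return "rsa"        # ECDHE-RSA-*, DHE-RSA-* and plain RSA key exchange (AES128-SHA)

def usable_suites(key_type, offered):
    """Suites from the sender's offer that a server with this key type can select."""
    return [s for s in offered if suite_auth(s) in (key_type, "any")]

if __name__ == "__main__":
    kt = renewal_key_type(SAMPLE_CONF)
    for label, offer in (("legacy", LEGACY_SENDER), ("modern", MODERN_SENDER)):
        shared = usable_suites(kt, offer)
        print(f"key_type={kt} {label} sender:", shared or "no shared cipher")
```
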