On Thu, Apr 28, 2016 at 07:44:53AM +0200, Danny wrote: > Dear OpenSSL users, > > I've been trying to get an ECDSA certificate to work with a postfix > installation lately. > , however, it seems that when I try to use the aECDSA protocol with a > client the server gives "no shared cipher" errors. > > I had created the certificate like the following: > > openssl ecparam -name secp521r1 -genkey -param_enc explicit -out > private/ec-email-server.pem TLS does not support explicit EC parameters. You must use a named curve by OID. The "-param_enc explicit" option must not be used. You must also enable ECDHE in s_server to use ECDSA, since neither RSA key transport nor DHE are possible. -- Viktor.
