Questions regarding ecliptic curve support


I had two short questions regarding Postfix’s elliptic curve support for the SMTP server.

1. Under the man documentation for: tls_eecdh_strong_curve the documentation states “...approximately 128-bit security...”. Is that saying that it is equivalent to 128-bits RSA or it provides an elliptic curve key size of nearly 128-bits ?

2. To make use of ecliptic curve encryption a TLS certificate must have been made with support for ecliptic curves, correct ? A TLS certificate using RSA keys will not work ?


- J


Re: Questions regarding ecliptic curve support

By Viktor Dukhovni at 01/10/2018 - 18:22

No, it is 2^128 work-factor, as in AES-128 or RSA ~3072. You should generally
not change tls_eecdh_strong_curve. 128-bit RSA is *not* 128-bit security.


<a href="" title=""></a>

EECDH key-agreement is largely independent of the certificate type. You
can EECDH key agreement with either RSA or ECDSA certificates.

Actually it works just fine. RSA certificates are used to *authenticate*
the key exchange, which performed via EECDH.

See also <a href="" title=""></a>