DevHeads.net

Questions regarding elliptic curve support

Hi,

I had two short questions regarding Postfix’s elliptic curve support for the SMTP server.

1. Under the man documentation for tls_eecdh_strong_curve, the documentation states “...approximately 128-bit security...”. Is that saying that it is equivalent to 128-bit RSA, or that it provides an elliptic curve key size of nearly 128 bits?

2. To make use of elliptic curve encryption, a TLS certificate must have been made with support for elliptic curves, correct? A TLS certificate using RSA keys will not work?

Thanks,

- J

Comments

Re: Questions regarding elliptic curve support

By Viktor Dukhovni at 01/10/2018 - 19:22

No, it is 2^128 work-factor, as in AES-128 or RSA ~3072. You should generally
not change tls_eecdh_strong_curve. 128-bit RSA is *not* 128-bit security.

See:

http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade

EECDH key-agreement is largely independent of the certificate type. You
can use EECDH key agreement with either RSA or ECDSA certificates.

Actually it works just fine. RSA certificates are used to *authenticate*
the key exchange, which is performed via EECDH.

See also http://www.postfix.org/FORWARD_SECRECY_README.html
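
The split described in the reply, as an added illustration (not code from the thread or from Postfix): an ephemeral ECDH exchange on P-256 where the RSA key is used only to sign the server's ephemeral public key. The toy RSA key, the unpadded signature and all function names are assumptions made for the sketch; real TLS uses padded signatures that also cover both handshake nonces.

```python
import hashlib, secrets
# NIST P-256 (prime256v1): group order N is ~2^256, so the best known attack costs ~2^128.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
# Constructed toy RSA key (two Mersenne primes) standing in for an RSA certificate key.
RSA_E, RSA_N = 65537, (2**521 - 1) * (2**607 - 1)
RSA_D = pow(RSA_E, -1, (2**521 - 2) * (2**607 - 2))

def add(p1, p2):  # point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        m = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; illustrative, not constant time
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def on_curve(pt):
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P == 0
def digest(pub):  # hash of the ephemeral public key; real TLS also covers both nonces
    raw = b"".join(c.to_bytes(32, "big") for c in pub)
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def server_hello():  # fresh ECDH key pair; the RSA key only signs the public half
    priv = secrets.randbelow(N - 1) + 1
    pub = mul(priv, G)
    return priv, pub, pow(digest(pub), RSA_D, RSA_N)  # textbook RSA, no padding

def client_finish(server_pub, sig):  # verify the signature, then complete ECDH
    if not on_curve(server_pub) or pow(sig, RSA_E, RSA_N) != digest(server_pub):
        raise ValueError("ephemeral key failed validation")
    priv = secrets.randbelow(N - 1) + 1
    return mul(priv, G), mul(priv, server_pub)[0]  # client public key, shared secret
def server_finish(priv, client_pub):
    return mul(priv, client_pub)[0]
```

The RSA private key never touches the shared secret, so swapping it for an ECDSA key would change only the signature step, not the key agreement.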