On Tue, Mar 18, 2025 at 09:39:16AM +0000, Fehlauer, Norbert via mailop wrote:
> Just wanted to share some insights after using the ECC certificates on
> a few MTAs over the past month. I only did see problems with sending
> Cisco ESA's, which don't have ECC certificate support enabled for
> outbound traffic in their default configuration as it seems:
> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200169-Configure-ESA-to-prefer-Perfect-Forward.html#anc8
>
> Other sending MTAs did not pop up to my attention so far.

That document is ~7 years old, and quite outdated, it predates broad
adoption of TLS 1.3. Nevertheless even there, the text states that at
the time ESAs did support ECDHE and ECDSA outbound, they just did not
prefer these by default:

    For OUTBOUND SMTP traffic, the ESA in addition to INBOUND supports
    ECDHE and ECDSA Certificates.

If there are some ESA systems that don't support ECDSA, that's likely a
result of poor non-default choices of settings by the device operator.

-- 
    Viktor.
