Re: RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)
- To: Quanah Gibson-Mount <quanah@symas.com>
- Subject: Re: RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)
- From: Geert Hendrickx <geert@hendrickx.be>
- Date: Tue, 16 Jul 2019 19:39:51 +0200
- Cc: openldap-technical@openldap.org
- Content-disposition: inline
- In-reply-to: <0D4F2973429A4A2573CDBD7A@[192.168.1.39]>
- References: <DE273198FC0A963A5F733B11@[192.168.1.39]> <20190716142718.GA2445@vera.ghen.be> <0D4F2973429A4A2573CDBD7A@[192.168.1.39]>
- User-agent: Mutt/1.12.1 (2019-06-15)
On Tue, Jul 16, 2019 at 09:49:36 -0700, Quanah Gibson-Mount wrote:
> --On Tuesday, July 16, 2019 5:27 PM +0200 Geert Hendrickx
> <geert@hendrickx.be> wrote:
>
> > With OpenSSL 1.0.1 (CentOS 6) and OpenSSL 1.0.2 (CentOS 7), it does not
> > use ECC until I explicitly set a curve in olcTLSECName. There is no
> > default value? This is contrary to expectation, most TLS enabled
> > software enable ECC by default, based on the configured cipher string.
>
> Hi Geert,
>
> The OpenSSL API does not support more than 1 EC to be enabled per context.

Hmm, at least nginx and postfix support specifying multiple curves:

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_ecdh_curve
http://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves

Both specifically refer to OpenSSL >= 1.0.2

Geert
--
geert.hendrickx.be :: geert@hendrickx.be :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!