Re: RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)
Geert Hendrickx wrote:
> On Tue, Jul 16, 2019 at 09:49:36 -0700, Quanah Gibson-Mount wrote:
>> --On Tuesday, July 16, 2019 5:27 PM +0200 Geert Hendrickx
>> <geert@hendrickx.be> wrote:
>>
>>> With OpenSSL 1.0.1 (CentOS 6) and OpenSSL 1.0.2 (CentOS 7), it does not
>>> use ECC until I explicitly set a curve in olcTLSECName. There is no
>>> default value? This is contrary to expectation, most TLS enabled
>>> software enable ECC by default, based on the configured cipher string.
>>
>> Hi Geert,
>>
>> The OpenSSL API does not support more than 1 EC to be enabled per context.
>
>
> Hmm, at least nginx and postfix support specifying multiple curves:
> https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_ecdh_curve
> http://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
>
> Both specifically refer to OpenSSL >= 1.0.2

Feel free to submit a patch. But it won't be in time for 2.4.48.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/