------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #3 from Phil Pennock <pdp@???> 2013-10-15 05:21:20 ---
I don't know enough about cryptanalysis of EC to advocate for any particular
curve. I don't know enough about this undocumented API of OpenSSL to know how
to add _both_ curves, and dynamically select the right one depending upon the
bit-strength of AES in use.
Frankly, the more I look at this, the more inclined I am to say that 4.82
should go out without explicit support for enabling ECDHE, so that we can
better understand the issues. A quick and simple fix, as uninvasive as
possible, is one thing, but this now looks like that's just inadequate.
Jeremy, Todd, please do *not* merge the `enable_ecdhe` branch for 4.82. With
our luck, it would turn out to break clients that barf when ECDHE suddenly
becomes available anyway.
Looking more closely, it seems that OpenSSL 1.0.2 will add the
`SSL_CTX_set1_curves_list()` call, to specify a list of potential curves. It
also looks as though 1.0.2 will introduce a new `SSL_CONF_cmd()` framework for
applications to tune arbitrary options and that Exim should add support for
that, which will automatically add support for curve specification via
`-curves`.
Given that OpenSSL has not stabilised their API for cleanly and correctly
configuring ECDHE support, I do not think Exim should start using the
interfaces in the currently released versions of OpenSSL.
In the meantime, if ECDHE matters then I suggest using GnuTLS with Exim and
providing the control options via the Priority String which can be given in
Exim's `tls_require_ciphers` option.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
