[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >…

Author: Wolfgang Breyha
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1397




--- Comment #4 from Wolfgang Breyha <wbreyha@???> 2013-10-15 10:43:53 ---
(In reply to comment #3)
> In the meantime, if ECDHE matters then I suggest using GnuTLS with Exim and
> providing the control options via the Priority String which can be given in
> Exim's `tls_require_ciphers` option.


I used GnuTLS until 4.82_RC1.

The problem I have with GnuTLS is that since the addition of a single call to the
PKCS#11 suite in exim, GnuTLS MUST have p11-kit support compiled in. On
RHEL/CentOS 5 this is nearly impossible, ending up with dependencies to ...
openssl. That means that exim-4.82 breaks GnuTLS support on all these older
platforms.

That's why I changed back to openssl, building custom 1.0.1e RPMs. And since
every other server with SSL support, like apache, nginx, dovecot, ... added
ECDH support in that way, I did it as well.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email