Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenS…

Author: Todd Lyons
Date:  
To: 1397
CC: exim-dev
Subject: Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0
> Frankly, the more I look at this, the more inclined I am to say that 4.82
> should go out without explicit support for enabling ECDHE, so that we can
> better understand the issues. A quick and simple fix, as uninvasive as
> possible, is one thing, but this now looks like that's just inadequate.
> Jeremy, Todd, please do *not* merge the `enable_ecdhe` branch for 4.82. With
> our luck, it would turn out to break clients that barf when ECDHE suddenly
> becomes available anyway.


Agreed. I think the best course of action is to wrap up 4.82 at the
end of this week. Then I would like to target a small baking period
for features and roll a 4.83, say 2-3 months. Between you and
Wolfgang, you both have provided us with some new things that are
going to enhance crypto features.

I'd also like to take a shot at the DANE support that Viktor
mentioned. So a 4.83 with major security enhancements would be
additional positive press.