Re: [exim-dev] Survey

Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] Survey
On Mon, Apr 21, 2014 at 12:27:07AM +0200, Wolfgang Breyha wrote:

> On 19/04/14 19:30, Todd Lyons wrote:
> > Can we get some votes yea or nay for beginning a release cycle
> > for Exim 4.83?
>
> +1 if
> http://bugs.exim.org/show_bug.cgi?id=1397
> or something similar enabling ECDHE is included;-)


There really is little need at this time to go out of one's way to
match the symmetric block algorithm bit length with the EC strength,
provided both exceed a reasonable floor.

Therefore the simplest thing is to provide either curve as a default,
and allow users to configure the other:

    http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade
    http://www.postfix.org/postconf.5.html#tls_eecdh_strong_curve
    http://www.postfix.org/postconf.5.html#tls_eecdh_ultra_curve


    http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs


    smtpd_tls_eecdh_grade = strong | ultra
    tls_eecdh_strong_curve = prime256v1
    tls_eecdh_ultra_curve = secp384r1


With later releases of OpenSSL it will become possible to make the
choice more automatically.

-- 
    Viktor.