Re: [exim-dev] Survey

Top Page
This message is part of the following thread:
M+----++++\the complete thread tree sorted by date
MM---\MMMMMWolfgang Breyha at <-
MM++\M.MMMPhil Pennock at ->
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] Survey
On Mon, Apr 21, 2014 at 12:27:07AM +0200, Wolfgang Breyha wrote:

> On 19/04/14 19:30, Todd Lyons wrote:
> > Can we get some votes yea or nay for beginning a release cycle
> > for Exim 4.83?
>
> +1 if
> http://bugs.exim.org/show_bug.cgi?id=1397
> or something similar enabling ECDHE is included;-)

There really is little need at this time to go out of one's way to
match the symmetric block algorithm bit length with the EC strength,
provided both exceed a reasonable floor.

Therefore the simplest thing is to provide either curve as a default,
and allow users to configure the other: 

    http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade
    http://www.postfix.org/postconf.5.html#tls_eecdh_strong_curve
    http://www.postfix.org/postconf.5.html#tls_eecdh_ultra_curve


    http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs


    smtpd_tls_eecdh_grade = strong | ultra
    tls_eecdh_strong_curve = prime256v1
    tls_eecdh_ultra_curve = secp384r1


With later releases of OpenSSL it will become possible to make the
choice more automatically. 

-- 
    Viktor.


This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] SurveyRe: [exim-dev] Survey->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)