Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenS…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-dev
Alte Treads: Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0
Betreff: Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0
On 01/10/14 10:55, Jeremy Harris wrote:
> On 30/09/14 19:16, Todd Lyons wrote:
>> I have taken the patch provided by Wolfgang and changed it slightly.
>> I moved the default setting from tls-openssl.c into globals.c. Now
>> the if tls_eccurve==NULL does something slightly different, but the
>> rest of Wolfang's code is unchanged. (It checks to see if errant code
>> left it NULL, which in my understanding can never happen, but this
>> checks for errors every way possible.)
>>
>> The commit is available for viewing at
>> http://git.exim.org/users/tlyons/exim.git/shortlog/refs/heads/master_ecdhe
>> . Please look it over and see if there is anything that you feel
>> should be done differently.
>>
>> I'm aware of Phil's reservation with setting a default cipher.
>> Personally I would rather set it to secp384r1 (default to higher, but
>> standard encryption...the alternative is only trying to use it when
>> tls_eccurve is actually set). prime256v1 and secp384r1are both FIPS
>> compliant so it is in at least every RH/CentOS openssl package 1.0.0+.
>> Suse must be the same since they have incorporated the patch into
>> their more recent OS version. Debian/Ubuntu has a recent version of
>> openssl, so it's worth checking to see if this would work on that too.
>
> Add this info to the change log? Also http://safecurves.cr.yp.to ?


I think the default behaviour should be "best common practice" as far
as the platform is capable. I'm fine with that being prime256v1 for
earlier platforms but I think we should defer to the OpenSSL guys on
the later ones, using the auto facility (as the default). We could
either have the initialiser vary according to $define(s) or we could
nail the default to "auto" and say that on the earlier platforms
this means prime256v1, implemented by #ifdefs in init_ecdh().

I mildly prefer the latter, if we're going to support the earlier
platforms and the curve selection.
--
Cheers,
Jeremy