Re: [exim] Enabling ECDH

Author: Renaud Allard
Date:  
To: exim-users
Subject: Re: [exim] Enabling ECDH

On 03/07/2016 09:50 AM, Renaud Allard wrote:
> Hello,
>
> I am trying to enable ECDH (in server mode). Is there anything I forgot?
>
> I am running exim 4.86.2 under OpenBSD 5.8 with LibreSSL 2.2.2
> In my config file, I have:
> tls_eccurve =   auto   (I tried with other primes too)
> tls_require_ciphers =      !aNULL:CHACHA20:AES256:AES128:@STRENGTH
> openssl_options = +no_compression +cipher_server_preference +single_dh_use +single_ecdh_use +no_session_resumption_on_renegotiation
>
> I am trying to connect using:
> openssl s_client -connect localhost:465 -cipher 'ECDH'
> And that fails with
> 2016-03-07 09:47:32 [1347] TLS error on connection from localhost [127.0.0.1]:4283 I=[127.0.0.1]:465 (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> Thank you,
> Best Regards

This seems to be dependent on LibreSSL.
I opened a bug: https://bugs.exim.org/show_bug.cgi?id=1806