On 12/11/2016 06:45 PM, Heiko Schlittermann wrote:
> Hello,
>
> Torsten Tributh <exim-users@???> (Sa 10 Dez 2016 14:50:22 CET):
>> Some more questions:
>> Is there a possibility to log the used curve like the way the used
>> cipher is logged?
>
> If we find a good way to include it in the log, without breaking
> the current format: yes.
Sounds good.
>
>> Can it be possible to put a list of curves into
>> tls_eccurve instead of a single curve?
>>
>> I tried to use: "X25519:brainpoolP384r1:brainpoolP512r1:secp521r1:secp384r1"
>> but then I have only an error in the log like:
>
> The tls_eccurve gets expanded as late as possible,
> so if the curve selection depends on something you know (remote server
> address or such), it should be possible to select a specific curve
> depending on the information available.
Will configure it out for my needs.
Thanks for this hint.
>
> If we can define how a list of curves should be handled, we could
> try doing it too. But I wouldn't see it in 4.88.
Maybe you can get sample implementations from
nginx 1.11.* where ssl_ecdh_curve can be a list of curves.
There is also the possibility enabled to use multiple Certificates for
the same SNI.
>
> Currently after expansion there has to be *one* curve specifier, or
> "auto".
>
> Best regards from Dresden/Germany
> Kind regards from Dresden
> Heiko
>
>
>
Regards
Torsten