Re: [exim] Exim 4.88 RC6 uploaded

Góra strony
Delete this message
Reply to this message
Autor: Torsten Tributh
Data:  
Dla: exim-users
Temat: Re: [exim] Exim 4.88 RC6 uploaded


On 12/11/2016 06:45 PM, Heiko Schlittermann wrote:
> Hello,
>
> Torsten Tributh <exim-users@???> (Sa 10 Dez 2016 14:50:22 CET):
>> Some more questions:
>> Is there a possibility to log the used curve like the way the used
>> cipher is logged?
>
> If we find a good way to include it in the log, without breaking
> the current format: yes.


Sounds good.

>
>> Can it be possible to put a list of curves into
>> tls_eccurve instead of a single curve?
>>
>> I tried to use: "X25519:brainpoolP384r1:brainpoolP512r1:secp521r1:secp384r1"
>> but than i have only an error in the log like:
>
> The tls_eccurve gets expanded as late as possible,
> so if the curve selection depends on something you know (remote server
> address or such), it should be possible to select a specific curve
> depending on the information available.


Will configure it out for me needs.
Thanks for this hint.

>
> If we can define how a list of curves should be handled, we could
> try doing it too. But I wouldn't see it in 4.88.


Maybe you can get sample implementations from
nginx 1.11.* where ssl_ecdh_curve can be a list of curves.
There is also the possibility enabled to use multiple Certificates for
the same SNI.

>
> Currently after expansion there has to be *one* curve specifier, or
> "auto".
>
>     Best regards from Dresden/Germany
>     Viele Grüße aus Dresden
>     Heiko

>
>
>


Regards
Torsten