https://bugs.exim.org/show_bug.cgi?id=2298
Bug ID: 2298
Summary: tls_eccurve does not accept multiple entries
Product: Exim
Version: 4.91
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@???
Reporter: bertrand@???
CC: exim-dev@???
Hi,
Looking at the Exim documentation, I see the following statement for tls_eccurve:

    After expansion it must contain a valid EC curve parameter, such as
    prime256v1, secp384r1, or P-512. Consult your OpenSSL manual for valid
    selections.

Assuming multiple curves can be specified, I made the following configuration:

    tls_eccurve = prime256v1 : secp384r1 : secp521r1

Exim starts properly but refuses any TLS connection with the following
error:

    2018-08-10 03:14:26 TLS error on connection from xxxx (Unknown curve name tls_eccurve 'prime256v1 : secp384r1 : secp521r1'): error:00000000:lib(0):func(0):reason(0)

Specifying only one curve in tls_eccurve restores connectivity.
Looking at the code, it seems multiple curves cannot be used:
https://git.exim.org/exim.git/blob/c1b32ab6ef9300e2ecab6736139e3e50874cd3a6:/src/src/tls-openssl.c#l782
Would it be possible to add support for multiple curves in Exim?
With OpenSSL supporting more and more curves, I would love to support more than
a single curve on my setup.
Thanks!
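
Because the configuration in this report passes startup and only fails once a TLS connection arrives, a static check of the config file catches it earlier. The script below is an added example, not part of the report or of Exim; the function name check_eccurve and both sample configurations are constructed, and it assumes one setting per line with no backslash continuation.

```shell
#!/bin/sh
# check_eccurve: read Exim configuration text on stdin and inspect every
# tls_eccurve setting. Exit status: 0 = each setting names one curve (or the
# option is unset), 1 = a setting lists several curves, 2 = a setting uses
# ${...} expansion, so its value is only known at run time.
check_eccurve() {
    awk '
        /^[ \t]*#/ { next }                         # comment line
        /^[ \t]*tls_eccurve[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)           # drop "tls_eccurve ="
            sub(/[ \t]+$/, "", val)                 # trim trailing blanks
            if (val ~ /\$/) {
                printf "line %d: expanded at run time, not checked: %s\n", NR, val
                dynamic = 1
                next
            }
            n = split(val, curve, /[ \t]*:[ \t]*/)  # colon-separated entries
            if (n > 1) {
                printf "line %d: %d curves in tls_eccurve (%s); keep one\n", NR, n, val
                multi = 1
            }
        }
        END { exit (multi ? 1 : (dynamic ? 2 : 0)) }
    '
}

# Constructed sample configurations (not taken from a real host).
BAD_CONF='# main section
tls_advertise_hosts = *
tls_eccurve = prime256v1 : secp384r1 : secp521r1'
GOOD_CONF='tls_advertise_hosts = *
tls_eccurve = prime256v1'

printf '%s\n' "$BAD_CONF"  | check_eccurve || echo "bad config: status $?"
printf '%s\n' "$GOOD_CONF" | check_eccurve && echo "good config: ok"
```

A non-zero status can gate a deployment step, so the multi-entry value never reaches a running Exim that behaves as described above.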