[exim-dev] [Bug 2298] New: tls_eccurve does not accept multi…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2298] New: tls_eccurve does not accept multiple entries
https://bugs.exim.org/show_bug.cgi?id=2298

            Bug ID: 2298
           Summary: tls_eccurve does not accept multiple entries
           Product: Exim
           Version: 4.91
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
          Assignee: jgh146exb@???
          Reporter: bertrand@???
                CC: exim-dev@???


Hi,

Looking at Exim documentation, I see the following statement for tls_eccurve:

    After expansion it must contain a valid EC curve parameter, such as
    prime256v1, secp384r1, or P-512. Consult your OpenSSL manual for valid
    selections.


Assuming multiple curves can be specified, I made the following configuration:

    tls_eccurve = prime256v1 : secp384r1 : secp521r1


Exim starts properly but refuses any TLS connection with the following
error:

    2018-08-10 03:14:26 TLS error on connection from xxxx (Unknown curve name tls_eccurve 'prime256v1 : secp384r1 : secp521r1'): error:00000000:lib(0):func(0):reason(0)


Specifying only one curve in tls_eccurve restores connectivity.
Looking at the code, it seems multiple curves cannot be used:
https://git.exim.org/exim.git/blob/c1b32ab6ef9300e2ecab6736139e3e50874cd3a6:/src/src/tls-openssl.c#l782

Would it be possible to add support for multiple curves in Exim?
With OpenSSL supporting more and more curves, I would love to support more than
a single curve on my setup.

Thanks!

--
You are receiving this mail because:
You are on the CC list for the bug.
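
Added example, not part of the original report and not Exim code: a pre-deployment check that flags a tls_eccurve value which only resolves once it is split on ':', the condition behind the "Unknown curve name" error above. It assumes a literal option value (no string expansion) and uses Python's ssl.SSLContext.set_ecdh_curve, which takes exactly one curve name, as a stand-in for a single-name lookup; the function names and the sample configuration are constructed for illustration.

```python
import ssl

# Constructed sample: the setting quoted in the report.
SAMPLE_CONFIG = """\
# main section
tls_eccurve = prime256v1 : secp384r1 : secp521r1
"""

def parse_tls_eccurve(config_text):
    """Return the raw value of the last tls_eccurve line, or None if unset."""
    value = None
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == "tls_eccurve":
            value = val.strip()
    return value

def curve_known(name):
    """True if the local OpenSSL resolves `name` as a single curve name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ecdh_curve(name)  # one name only; a list string is rejected
    except (ValueError, ssl.SSLError):
        return False
    return True

def check_tls_eccurve(config_text):
    """Classify the setting as unset, ok, list-rejected or unknown-curve."""
    value = parse_tls_eccurve(config_text)
    if value is None:
        return ("unset", [])
    if curve_known(value):
        return ("ok", [value])
    # The whole string failed: test whether it is a list of valid names.
    parts = [p.strip() for p in value.split(":")]
    usable = [p for p in parts if p and curve_known(p)]
    if len(parts) > 1:
        return ("list-rejected", usable)
    return ("unknown-curve", [])

if __name__ == "__main__":
    status, usable = check_tls_eccurve(SAMPLE_CONFIG)
    print(status, usable)
```

A "list-rejected" result means each entry is valid on its own but the combined string is not, so the setting has to be reduced to one of the listed names.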