[exim-dev] [Bug 2298] tls_eccurve does not accept multiple e…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2298] tls_eccurve does not accept multiple entries
https://bugs.exim.org/show_bug.cgi?id=2298

--- Comment #2 from Bertrand Jacquin <bertrand@???> ---
(In reply to Jeremy Harris from comment #1)
> Most uses should leave tls_eccurve at the default "auto". With a modern
> version of OpenSSL this will support the full set of curves known to the
> library.


This is true; with "auto", also one curve is offered.

> The use of accepting a list for tls_eccurve would be restricted to cases of
> "more than one, but not the full set". I'm not sure how common that need is.


Different software offers the ability to define the supported list of curves,
such as:
- haproxy http://git.haproxy.org/?p=haproxy.git;a=blob;f=doc/configuration.txt;h=48b69a5bd3593be30f07f379ab7de707da59527b;hb=HEAD#l10567
- nginx http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve

Also, Mozilla recommends in
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility to
support multiple curves.
