https://bugs.exim.org/show_bug.cgi?id=2298
--- Comment #2 from Bertrand Jacquin <bertrand@???> ---
(In reply to Jeremy Harris from comment #1)
> Most uses should leave tls_eccurve at the default "auto". With a modern
> version of OpenSSL this will support the full set of curves known to the
> library.
This is true, with "auto", also one curve is offered
> The use of accepting a list for tls_eccurve would be restricted to cases of
> "more than one, but not the full set". I'm not sure how common that need is.
Different software offer the ability to define the supported list of curve,
such as:
- haproxy
http://git.haproxy.org/?p=haproxy.git;a=blob;f=doc/configuration.txt;h=48b69a5bd3593be30f07f379ab7de707da59527b;hb=HEAD#l10567
- nginx
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve
Also, Mozilla recommand in
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility to
support multiple curves.
--
You are receiving this mail because:
You are on the CC list for the bug.
