https://bugs.exim.org/show_bug.cgi?id=2298
--- Comment #5 from Bertrand Jacquin <bertrand@???> ---
(In reply to Jeremy Harris from comment #4)
> > This is true, with "auto", also one curve is offered
>
> If you're only seeing one, then you're not using a modern version of OpenSSL.
> What do you have?
I am actually using OpenSSL 1.0.2t and indeed multiple curves are being offered
with default settings:
$ openssl s_client < /dev/null -connect smtp.local:465 -curves prime256v1 2> /dev/null | fgrep 'Server Temp Key'
Server Temp Key: ECDH, P-256, 256 bits
$ openssl s_client < /dev/null -connect smtp.local:465 -curves secp384r1 2> /dev/null | fgrep 'Server Temp Key'
Server Temp Key: ECDH, P-384, 384 bits
However, Exim does not offer the ability for system administrators to manually
select one or multiple curves:
$ grep -F tls_eccurve /etc/exim/exim.conf
tls_eccurve = prime256v1 : secp384r1
$ openssl s_client < /dev/null -connect smtp.local:465 -curves secp384r1 2> /dev/null | fgrep 'Server Temp Key'
$ tail /var/log/exim.log
2019-09-29 19:59:52 TLS error on connection from [1.2.3.4]:13038 I=[1.2.3.42]:465 (Unknown curve name tls_eccurve 'prime256v1 : secp384r1'): error:00000000:lib(0):func(0):reason(0)