Gitweb:
https://git.exim.org/exim.git/commitdiff/ca4014de81e6aa367aa0a54c49b4c3d4b137814c
Commit: ca4014de81e6aa367aa0a54c49b4c3d4b137814c
Parent: cbaecb979ad04aeb7eb2fce524facc862496b8b7
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jan 1 12:18:38 2023 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sun Jan 1 12:18:38 2023 +0000
OpenSSL: fix tls_eccurve setting explicit curve/group. Bug 2954
---
doc/doc-txt/ChangeLog | 4 +++
src/src/tls-openssl.c | 39 +++++++++++++----------
test/confs/2148 | 54 ++++++++++++++++++++++++++++++++
test/confs/2149 | 39 +++++++++++++----------
test/log/{2149 => 2148} | 0
test/log/2149 | 39 +++++++++++------------
test/paniclog/{2149 => 2148} | 0
test/scripts/2100-OpenSSL/{2149 => 2148} | 2 +-
test/scripts/2100-OpenSSL/2149 | 50 +++++++++++++++--------------
test/{paniclog/2149 => stderr/2148} | 0
test/stderr/2149 | 3 --
11 files changed, 148 insertions(+), 82 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ee86f52d6..f51a23c9c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -94,6 +94,10 @@ JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option
whine (as this is likely a configuration error), and returning
DNS_NOMATCH.
+JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously
+ this always failed, probably leading to the usual downgrade to in-clear
+ connections.
+
Exim version 4.96
-----------------
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index ae0986aac..4d0f99ea9 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -676,12 +676,12 @@ if (dh_bitsize <= tls_dh_max_bits)
}
else
DEBUG(D_tls)
- debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
+ debug_printf(" Diffie-Hellman initialized from %s with %d-bit prime\n",
dhexpanded ? dhexpanded : US"default", dh_bitsize);
}
else
DEBUG(D_tls)
- debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
+ debug_printf(" dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
#if OPENSSL_VERSION_NUMBER < 0x30000000L
@@ -731,19 +731,27 @@ return TRUE;
#else
uschar * exp_curve;
-int nid;
-BOOL rv;
+int nid, rc;
# ifndef EXIM_HAVE_ECDH
DEBUG(D_tls)
- debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
+ debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
return TRUE;
# else
if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
return FALSE;
+
+/* Is the option deliberately empty? */
+
if (!exp_curve || !*exp_curve)
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
+ (void) SSL_CTX_set1_curves(sctx, &nid, 0);
+#endif
return TRUE;
+ }
/* "auto" needs to be handled carefully.
* OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
@@ -756,23 +764,22 @@ if (Ustrcmp(exp_curve, "auto") == 0)
{
#if OPENSSL_VERSION_NUMBER < 0x10002000L
DEBUG(D_tls) debug_printf(
- "ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
+ " ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
exp_curve = US"prime256v1";
#else
# if defined SSL_CTRL_SET_ECDH_AUTO
DEBUG(D_tls) debug_printf(
- "ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
+ " ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
SSL_CTX_set_ecdh_auto(sctx, 1);
return TRUE;
# else
DEBUG(D_tls) debug_printf(
- "ECDH OpenSSL 1.1.0+: temp key parameter settings: default selection\n");
+ " ECDH OpenSSL 1.1.0+: temp key parameter settings: library default selection\n");
return TRUE;
# endif
#endif
}
-DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
# ifdef EXIM_HAVE_OPENSSL_EC_NIST2NID
&& (nid = EC_curve_nist2nid(CCS exp_curve)) == NID_undef
@@ -796,23 +803,23 @@ if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
/* The "tmp" in the name here refers to setting a temporary key
not to the stability of the interface. */
- if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
+ if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
else
- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
EC_KEY_free(ecdh);
}
#else /* v 3.0.0 + */
-if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
+if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
else
- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);
+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);
#endif
-return !rv;
+return !!rc;
# endif /*EXIM_HAVE_ECDH*/
#endif /*OPENSSL_NO_ECDH*/
@@ -1746,7 +1753,7 @@ state_server.lib_state.lib_ctx = ctx;
if (opt_unset_or_noexpand(tls_dhparam))
{
- DEBUG(D_tls) debug_printf("TLS: preloading DH params for server\n");
+ DEBUG(D_tls) debug_printf("TLS: preloading DH params '%s' for server\n", tls_dhparam);
if (init_dh(ctx, tls_dhparam, &dummy_errstr))
state_server.lib_state.dh = TRUE;
}
@@ -1754,7 +1761,7 @@ else
DEBUG(D_tls) debug_printf("TLS: not preloading DH params for server\n");
if (opt_unset_or_noexpand(tls_eccurve))
{
- DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve for server\n");
+ DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve '%s' for server\n", tls_eccurve);
if (init_ecdh(ctx, &dummy_errstr))
state_server.lib_state.ecdh = TRUE;
}
diff --git a/test/confs/2148 b/test/confs/2148
new file mode 100644
index 000000000..01aa76cf8
--- /dev/null
+++ b/test/confs/2148
@@ -0,0 +1,54 @@
+# Exim test configuration 2148
+
+SERVER =
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+
+tls_advertise_hosts = *
+tls_certificate = DIR/aux-fixed/cert1
+tls_dhparam = DATA
+
+
+# ----- Routers -----
+
+begin routers
+
+client:
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ retry_use_local_part
+ transport = send_to_server
+
+server:
+ driver = accept
+ retry_use_local_part
+ transport = local_delivery
+
+
+# ----- Transports -----
+
+begin transports
+
+local_delivery:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ create_file = DIR/test-mail
+ headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+ user = CALLER
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ hosts = 127.0.0.1
+ port = PORT_D
+ hosts_try_fastopen = :
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :
+
+# End
diff --git a/test/confs/2149 b/test/confs/2149
index d70cd5c63..3369288bb 100644
--- a/test/confs/2149
+++ b/test/confs/2149
@@ -10,9 +10,12 @@ primary_hostname = myhost.test.ex
acl_smtp_rcpt = accept
-tls_advertise_hosts = *
-tls_certificate = DIR/aux-fixed/cert1
-tls_dhparam = ${if eq {SERVER}{server}{DATA}fail}
+tls_advertise_hosts = *
+tls_certificate = DIR/aux-fixed/cert1
+
+.ifdef DATA
+tls_eccurve = DATA
+.endif
# ----- Routers -----
@@ -20,15 +23,16 @@ tls_dhparam = ${if eq {SERVER}{server}{DATA}fail}
begin routers
client:
- driver = accept
- condition = ${if eq {SERVER}{server}{no}{yes}}
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
retry_use_local_part
- transport = send_to_server
+ transport = send_to_server
+ errors_to = ""
server:
- driver = accept
+ driver = accept
retry_use_local_part
- transport = local_delivery
+ transport = local_delivery
# ----- Transports -----
@@ -36,19 +40,20 @@ server:
begin transports
local_delivery:
- driver = appendfile
- file = DIR/test-mail/$local_part
- create_file = DIR/test-mail
- headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
- user = CALLER
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ create_file = DIR/test-mail
+ headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+ user = CALLER
send_to_server:
- driver = smtp
+ driver = smtp
allow_localhost
- hosts = 127.0.0.1
- port = PORT_D
- hosts_try_fastopen = :
+ hosts = 127.0.0.1
+ port = PORT_D
+ hosts_try_fastopen = :
tls_verify_certificates = DIR/aux-fixed/cert1
tls_verify_cert_hostnames = :
+ hosts_require_tls = *
# End
diff --git a/test/log/2149 b/test/log/2148
similarity index 100%
copy from test/log/2149
copy to test/log/2148
diff --git a/test/log/2149 b/test/log/2149
index 1be072e7e..0d4235846 100644
--- a/test/log/2149
+++ b/test/log/2149
@@ -1,48 +1,45 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userw@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbB-0005vi-00 => usery@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbD-0005vi-00 => userz@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbF-0005vi-00 => usera@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00"
+1999-03-02 09:44:33 10HmbF-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00"
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbH-0005vi-00 => userb@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbI-0005vi-00"
+1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1]: a TLS session is required, but an attempt to start TLS failed
+1999-03-02 09:44:33 10HmbH-0005vi-00 == userx@??? R=client T=send_to_server defer (-38) H=127.0.0.1 [127.0.0.1]: a TLS session is required, but an attempt to start TLS failed
+1999-03-02 09:44:33 10HmbH-0005vi-00 ** userx@???: retry timeout exceeded
+1999-03-02 09:44:33 10HmbH-0005vi-00 userx@???: error ignored
1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@???
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userw <userw@???> R=server T=local_delivery
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@???
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
1999-03-02 09:44:33 10HmbA-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small
-1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@???
-1999-03-02 09:44:33 10HmbC-0005vi-00 => usery <usery@???> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@???
+1999-03-02 09:44:33 10HmbC-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1237, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@???
-1999-03-02 09:44:33 10HmbE-0005vi-00 => userz <userz@???> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@???
+1999-03-02 09:44:33 10HmbE-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1238, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike24' used
-1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-0005vi-00@???
-1999-03-02 09:44:33 10HmbG-0005vi-00 => usera <usera@???> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-0005vi-00@???
+1999-03-02 09:44:33 10HmbG-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1239, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike22' used
-1999-03-02 09:44:33 TLS error (D-H param setting 'ike22'): error:xxxxxxxx:SSL routines::dh key too small
-1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-0005vi-00@???
-1999-03-02 09:44:33 10HmbI-0005vi-00 => userb <userb@???> R=server T=local_delivery
-1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
+1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (Unknown curve name tls_eccurve 'bogus'): error:00000000:lib(0)::reason(0)
diff --git a/test/paniclog/2149 b/test/paniclog/2148
similarity index 100%
copy from test/paniclog/2149
copy to test/paniclog/2148
diff --git a/test/scripts/2100-OpenSSL/2149 b/test/scripts/2100-OpenSSL/2148
similarity index 96%
copy from test/scripts/2100-OpenSSL/2149
copy to test/scripts/2100-OpenSSL/2148
index b8ff65560..691814644 100644
--- a/test/scripts/2100-OpenSSL/2149
+++ b/test/scripts/2100-OpenSSL/2148
@@ -1,4 +1,4 @@
-# TLS: DH ciphers for OpenSSL
+# TLS: DH params for OpenSSL
#
# DH param from file
exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
diff --git a/test/scripts/2100-OpenSSL/2149 b/test/scripts/2100-OpenSSL/2149
index b8ff65560..59263df81 100644
--- a/test/scripts/2100-OpenSSL/2149
+++ b/test/scripts/2100-OpenSSL/2149
@@ -1,50 +1,52 @@
-# TLS: DH ciphers for OpenSSL
+# TLS: EC curves for OpenSSL
#
-# DH param from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
+# This is only checking the acceptability of option settings, not their effect
+# See packet captures for actual effects
+#
+# Baseline: tls_eccurve option not present
+exim -DSERVER=server -bd -oX PORT_D
****
-exim -odf userw@???
-Test message
+exim -odf userx@???
****
killdaemon
#
-# Too-big DH param (vs. tls_dh_max_bits), from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D
+# Explicit tls_eccurve setting of "auto"
+exim -DSERVER=server -DDATA=auto -bd -oX PORT_D
****
exim -odf userx@???
-Test message
****
killdaemon
#
-# Too-small DH param (library limitation), from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D
+# Explicit tls_eccurve setting of ""
+# - unclear this works. At least with OpenSSL 3.0.5 we still get an x25519 keyshare in the Server Hello
+exim -DSERVER=server -DDATA= -bd -oX PORT_D
****
-exim -odf usery@???
-Test message
+exim -odf userx@???
****
killdaemon
#
-# Named DH-param
-exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D
+# prime256v1
+exim -DSERVER=server -DDATA=prime256v1 -bd -oX PORT_D
****
-exim -odf userz@???
-Test message
+exim -odf userx@???
****
killdaemon
#
-# Named DH-param, logged deprecation
-exim -DSERVER=server -DDATA=ike24 -bd -oX PORT_D
+# X448
+# Client Hello offers an x25519 keyshare, server says "Hello Retry Request" with a KeyShare extension "X448"
+# and the client retries Client Hello with that in the KeyShare.
+exim -DSERVER=server -DDATA=X448 -bd -oX PORT_D
****
-exim -odf usera@???
-Test message
+exim -odf userx@???
****
killdaemon
#
-# Named DH-param, panic-logged deprecation
-exim -DSERVER=server -DDATA=ike22 -bd -oX PORT_D
+# "bogus". Should fail to make connection.
+exim -DSERVER=server -DDATA=bogus -bd -oX PORT_D
****
-exim -odf userb@???
-Test message
+exim -odf userx@???
****
killdaemon
+#
+#
no_message_check
diff --git a/test/paniclog/2149 b/test/stderr/2148
similarity index 100%
rename from test/paniclog/2149
rename to test/stderr/2148
diff --git a/test/stderr/2149 b/test/stderr/2149
index dff86ef7c..045fadc9b 100644
--- a/test/stderr/2149
+++ b/test/stderr/2149
@@ -1,5 +1,2 @@
******** SERVER ********
-1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small
-1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike22' used
-1999-03-02 09:44:33 TLS error (D-H param setting 'ike22'): error:xxxxxxxx:SSL routines::dh key too small