[exim-cvs] OpenSSL: fix tls_eccurve setting explicit curve/g…

Página Inicial
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Para: exim-cvs
Assunto: [exim-cvs] OpenSSL: fix tls_eccurve setting explicit curve/group. Bug 2954
Gitweb: https://git.exim.org/exim.git/commitdiff/ca4014de81e6aa367aa0a54c49b4c3d4b137814c
Commit:     ca4014de81e6aa367aa0a54c49b4c3d4b137814c
Parent:     cbaecb979ad04aeb7eb2fce524facc862496b8b7
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Jan 1 12:18:38 2023 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Jan 1 12:18:38 2023 +0000


    OpenSSL: fix tls_eccurve setting explicit curve/group.  Bug 2954
---
 doc/doc-txt/ChangeLog                    |  4 +++
 src/src/tls-openssl.c                    | 39 +++++++++++++----------
 test/confs/2148                          | 54 ++++++++++++++++++++++++++++++++
 test/confs/2149                          | 39 +++++++++++++----------
 test/log/{2149 => 2148}                  |  0
 test/log/2149                            | 39 +++++++++++------------
 test/paniclog/{2149 => 2148}             |  0
 test/scripts/2100-OpenSSL/{2149 => 2148} |  2 +-
 test/scripts/2100-OpenSSL/2149           | 50 +++++++++++++++--------------
 test/{paniclog/2149 => stderr/2148}      |  0
 test/stderr/2149                         |  3 --
 11 files changed, 148 insertions(+), 82 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ee86f52d6..f51a23c9c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -94,6 +94,10 @@ JH/19 Bug 2911: Fix a recursion in DNS lookups.  Previously, if the main option
       whine (as this is likely a configuration error), and returning
       DNS_NOMATCH.


+JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group.  Previously
+      this always failed, probably leading to the usual downgrade to in-clear
+      connections.
+


 Exim version 4.96
 -----------------
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index ae0986aac..4d0f99ea9 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -676,12 +676,12 @@ if (dh_bitsize <= tls_dh_max_bits)
     }
   else
     DEBUG(D_tls)
-      debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
+      debug_printf(" Diffie-Hellman initialized from %s with %d-bit prime\n",
     dhexpanded ? dhexpanded : US"default", dh_bitsize);
   }
 else
   DEBUG(D_tls)
-    debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
+    debug_printf(" dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
     dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);


#if OPENSSL_VERSION_NUMBER < 0x30000000L
@@ -731,19 +731,27 @@ return TRUE;
#else

uschar * exp_curve;
-int nid;
-BOOL rv;
+int nid, rc;

# ifndef EXIM_HAVE_ECDH
DEBUG(D_tls)
- debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
+ debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
return TRUE;
# else

if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
return FALSE;
+
+/* Is the option deliberately empty? */
+
if (!exp_curve || !*exp_curve)
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
+ (void) SSL_CTX_set1_curves(sctx, &nid, 0);
+#endif
return TRUE;
+ }

 /* "auto" needs to be handled carefully.
  * OpenSSL <  1.0.2: we do not select anything, but fallback to prime256v1
@@ -756,23 +764,22 @@ if (Ustrcmp(exp_curve, "auto") == 0)
   {
 #if OPENSSL_VERSION_NUMBER < 0x10002000L
   DEBUG(D_tls) debug_printf(
-    "ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
+    " ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
   exp_curve = US"prime256v1";
 #else
 # if defined SSL_CTRL_SET_ECDH_AUTO
   DEBUG(D_tls) debug_printf(
-    "ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
+    " ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
   SSL_CTX_set_ecdh_auto(sctx, 1);
   return TRUE;
 # else
   DEBUG(D_tls) debug_printf(
-    "ECDH OpenSSL 1.1.0+: temp key parameter settings: default selection\n");
+    " ECDH OpenSSL 1.1.0+: temp key parameter settings: library default selection\n");
   return TRUE;
 # endif
 #endif
   }


-DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
 if (  (nid = OBJ_sn2nid       (CCS exp_curve)) == NID_undef
 #   ifdef EXIM_HAVE_OPENSSL_EC_NIST2NID
    && (nid = EC_curve_nist2nid(CCS exp_curve)) == NID_undef
@@ -796,23 +803,23 @@ if (  (nid = OBJ_sn2nid       (CCS exp_curve)) == NID_undef
   /* The "tmp" in the name here refers to setting a temporary key
   not to the stability of the interface. */


-  if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
+  if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
     tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
   else
-    DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
+    DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
   EC_KEY_free(ecdh);
  }


 #else    /* v 3.0.0 + */


-if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
+if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
else
- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);
+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);

#endif

-return !rv;
+return !!rc;

 # endif    /*EXIM_HAVE_ECDH*/
 #endif /*OPENSSL_NO_ECDH*/
@@ -1746,7 +1753,7 @@ state_server.lib_state.lib_ctx = ctx;


 if (opt_unset_or_noexpand(tls_dhparam))
   {
-  DEBUG(D_tls) debug_printf("TLS: preloading DH params for server\n");
+  DEBUG(D_tls) debug_printf("TLS: preloading DH params '%s' for server\n", tls_dhparam);
   if (init_dh(ctx, tls_dhparam, &dummy_errstr))
     state_server.lib_state.dh = TRUE;
   }
@@ -1754,7 +1761,7 @@ else
   DEBUG(D_tls) debug_printf("TLS: not preloading DH params for server\n");
 if (opt_unset_or_noexpand(tls_eccurve))
   {
-  DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve for server\n");
+  DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve '%s' for server\n", tls_eccurve);
   if (init_ecdh(ctx, &dummy_errstr))
     state_server.lib_state.ecdh = TRUE;
   }
diff --git a/test/confs/2148 b/test/confs/2148
new file mode 100644
index 000000000..01aa76cf8
--- /dev/null
+++ b/test/confs/2148
@@ -0,0 +1,54 @@
+# Exim test configuration 2148
+
+SERVER =
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+
+tls_advertise_hosts =    *
+tls_certificate =    DIR/aux-fixed/cert1
+tls_dhparam =        DATA
+
+
+# ----- Routers -----
+
+begin routers
+
+client:
+  driver =    accept
+  condition =    ${if eq {SERVER}{server}{no}{yes}}
+  retry_use_local_part
+  transport =    send_to_server
+
+server:
+  driver =    accept
+  retry_use_local_part
+  transport =    local_delivery
+
+
+# ----- Transports -----
+
+begin transports
+
+local_delivery:
+  driver =    appendfile
+  file =    DIR/test-mail/$local_part
+  create_file =    DIR/test-mail
+  headers_add =    TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+  user = CALLER
+
+send_to_server:
+  driver =    smtp
+  allow_localhost
+  hosts =    127.0.0.1
+  port =    PORT_D
+  hosts_try_fastopen =    :
+  tls_verify_certificates =    DIR/aux-fixed/cert1
+  tls_verify_cert_hostnames =    :
+
+# End
diff --git a/test/confs/2149 b/test/confs/2149
index d70cd5c63..3369288bb 100644
--- a/test/confs/2149
+++ b/test/confs/2149
@@ -10,9 +10,12 @@ primary_hostname = myhost.test.ex


acl_smtp_rcpt = accept

-tls_advertise_hosts = *
-tls_certificate = DIR/aux-fixed/cert1
-tls_dhparam = ${if eq {SERVER}{server}{DATA}fail}
+tls_advertise_hosts =    *
+tls_certificate =    DIR/aux-fixed/cert1
+
+.ifdef DATA
+tls_eccurve =        DATA
+.endif



# ----- Routers -----
@@ -20,15 +23,16 @@ tls_dhparam = ${if eq {SERVER}{server}{DATA}fail}
begin routers

 client:
-  driver = accept
-  condition = ${if eq {SERVER}{server}{no}{yes}}
+  driver =    accept
+  condition =    ${if eq {SERVER}{server}{no}{yes}}
   retry_use_local_part
-  transport = send_to_server
+  transport =    send_to_server
+  errors_to =    ""


 server:
-  driver = accept
+  driver =    accept
   retry_use_local_part
-  transport = local_delivery
+  transport =    local_delivery



# ----- Transports -----
@@ -36,19 +40,20 @@ server:
begin transports

 local_delivery:
-  driver = appendfile
-  file = DIR/test-mail/$local_part
-  create_file = DIR/test-mail
-  headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
-  user = CALLER
+  driver =    appendfile
+  file =    DIR/test-mail/$local_part
+  create_file =    DIR/test-mail
+  headers_add =    TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+  user =    CALLER


 send_to_server:
-  driver = smtp
+  driver =    smtp
   allow_localhost
-  hosts = 127.0.0.1
-  port = PORT_D
-  hosts_try_fastopen =    :
+  hosts =    127.0.0.1
+  port =    PORT_D
+  hosts_try_fastopen =        :
   tls_verify_certificates =    DIR/aux-fixed/cert1
   tls_verify_cert_hostnames =    :
+  hosts_require_tls =        *


# End
diff --git a/test/log/2149 b/test/log/2148
similarity index 100%
copy from test/log/2149
copy to test/log/2148
diff --git a/test/log/2149 b/test/log/2149
index 1be072e7e..0d4235846 100644
--- a/test/log/2149
+++ b/test/log/2149
@@ -1,48 +1,45 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userw@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbB-0005vi-00 => usery@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbD-0005vi-00 => userz@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbE-0005vi-00"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbF-0005vi-00 => usera@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00"
+1999-03-02 09:44:33 10HmbF-0005vi-00 => userx@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbG-0005vi-00"
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbH-0005vi-00 => userb@??? R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes C="250 OK id=10HmbI-0005vi-00"
+1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1]: a TLS session is required, but an attempt to start TLS failed
+1999-03-02 09:44:33 10HmbH-0005vi-00 == userx@??? R=client T=send_to_server defer (-38) H=127.0.0.1 [127.0.0.1]: a TLS session is required, but an attempt to start TLS failed
+1999-03-02 09:44:33 10HmbH-0005vi-00 ** userx@???: retry timeout exceeded
+1999-03-02 09:44:33 10HmbH-0005vi-00 userx@???: error ignored
1999-03-02 09:44:33 10HmbH-0005vi-00 Completed

******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1234, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@???
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userw <userw@???> R=server T=local_delivery
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@???
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaZ-0005vi-00@???
1999-03-02 09:44:33 10HmbA-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small
-1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@???
-1999-03-02 09:44:33 10HmbC-0005vi-00 => usery <usery@???> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@???
+1999-03-02 09:44:33 10HmbC-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1237, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@???
-1999-03-02 09:44:33 10HmbE-0005vi-00 => userz <userz@???> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@???
+1999-03-02 09:44:33 10HmbE-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1238, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike24' used
-1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-0005vi-00@???
-1999-03-02 09:44:33 10HmbG-0005vi-00 => usera <usera@???> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbF-0005vi-00@???
+1999-03-02 09:44:33 10HmbG-0005vi-00 => userx <userx@???> R=server T=local_delivery
1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1239, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike22' used
-1999-03-02 09:44:33 TLS error (D-H param setting 'ike22'): error:xxxxxxxx:SSL routines::dh key too small
-1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbH-0005vi-00@???
-1999-03-02 09:44:33 10HmbI-0005vi-00 => userb <userb@???> R=server T=local_delivery
-1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
+1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (Unknown curve name tls_eccurve 'bogus'): error:00000000:lib(0)::reason(0)
diff --git a/test/paniclog/2149 b/test/paniclog/2148
similarity index 100%
copy from test/paniclog/2149
copy to test/paniclog/2148
diff --git a/test/scripts/2100-OpenSSL/2149 b/test/scripts/2100-OpenSSL/2148
similarity index 96%
copy from test/scripts/2100-OpenSSL/2149
copy to test/scripts/2100-OpenSSL/2148
index b8ff65560..691814644 100644
--- a/test/scripts/2100-OpenSSL/2149
+++ b/test/scripts/2100-OpenSSL/2148
@@ -1,4 +1,4 @@
-# TLS: DH ciphers for OpenSSL
+# TLS: DH params for OpenSSL
#
# DH param from file
exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
diff --git a/test/scripts/2100-OpenSSL/2149 b/test/scripts/2100-OpenSSL/2149
index b8ff65560..59263df81 100644
--- a/test/scripts/2100-OpenSSL/2149
+++ b/test/scripts/2100-OpenSSL/2149
@@ -1,50 +1,52 @@
-# TLS: DH ciphers for OpenSSL
+# TLS: EC curves for OpenSSL
#
-# DH param from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh2048 -bd -oX PORT_D
+# This is only checking the acceptability of option settings, not their effect
+# See packet captures for actual effects
+#
+# Baseline: tls_eccurve option not present
+exim -DSERVER=server -bd -oX PORT_D
****
-exim -odf userw@???
-Test message
+exim -odf userx@???
****
killdaemon
#
-# Too-big DH param (vs. tls_dh_max_bits), from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh3072 -bd -oX PORT_D
+# Explicit tls_eccurve setting of "auto"
+exim -DSERVER=server -DDATA=auto -bd -oX PORT_D
****
exim -odf userx@???
-Test message
****
killdaemon
#
-# Too-small DH param (library limitation), from file
-exim -DSERVER=server -DDATA=DIR/aux-fixed/dh512 -bd -oX PORT_D
+# Explicit tls_eccurve setting of ""
+# - unclear this works. At least with OpenSSL 3.0.5 we still get an x25519 keyshare in the Server Hello
+exim -DSERVER=server -DDATA= -bd -oX PORT_D
****
-exim -odf usery@???
-Test message
+exim -odf userx@???
****
killdaemon
#
-# Named DH-param
-exim -DSERVER=server -DDATA=ffdhe2048 -bd -oX PORT_D
+# prime256v1
+exim -DSERVER=server -DDATA=prime256v1 -bd -oX PORT_D
****
-exim -odf userz@???
-Test message
+exim -odf userx@???
****
killdaemon
#
-# Named DH-param, logged deprecation
-exim -DSERVER=server -DDATA=ike24 -bd -oX PORT_D
+# X448
+# Client Hello offers an x25519 keyshare, server says "Hello Retry Request" with a KeyShare extension "X448"
+# and the client retries Client Hello with that in the KeyShare.
+exim -DSERVER=server -DDATA=X448 -bd -oX PORT_D
****
-exim -odf usera@???
-Test message
+exim -odf userx@???
****
killdaemon
#
-# Named DH-param, panic-logged deprecation
-exim -DSERVER=server -DDATA=ike22 -bd -oX PORT_D
+# "bogus". Should fail to make connection.
+exim -DSERVER=server -DDATA=bogus -bd -oX PORT_D
****
-exim -odf userb@???
-Test message
+exim -odf userx@???
****
killdaemon
+#
+#
no_message_check
diff --git a/test/paniclog/2149 b/test/stderr/2148
similarity index 100%
rename from test/paniclog/2149
rename to test/stderr/2148
diff --git a/test/stderr/2149 b/test/stderr/2149
index dff86ef7c..045fadc9b 100644
--- a/test/stderr/2149
+++ b/test/stderr/2149
@@ -1,5 +1,2 @@

******** SERVER ********
-1999-03-02 09:44:33 TLS error (D-H param setting 'TESTSUITE/aux-fixed/dh512'): error:xxxxxxxx:SSL routines::dh key too small
-1999-03-02 09:44:33 WARNING: deprecated Diffie-Hellman parameter 'ike22' used
-1999-03-02 09:44:33 TLS error (D-H param setting 'ike22'): error:xxxxxxxx:SSL routines::dh key too small