On Sat, Aug 12, 2023 at 03:21:00PM +0000, gil...@poolp.org wrote: > August 12, 2023 4:34 PM, "Theo Buehler" <t...@theobuehler.org> wrote: > > > On Sat, Aug 12, 2023 at 02:29:45PM +0000, gil...@poolp.org wrote: > > > >> Hello, > >> > >> Someone asked about selectable curves in the OpenSMTPD portable tracker, > >> and it turns out I had a diff for that among a few others. > > > > Why do they need this? > > I suspect for the same reason people have needed ciphers selection in the > past, > being able to comply with the requirements of some certification (iirc, > medical > mail systems, for example, have strict requirements regarding their setup). > > Anyways, I've written this a long time ago and I'm providing it in case it's > of > any interest, feel free to discard. >
This is moving *backwards* from best practices. Notice that TLS 1.3 did remove EC parameters choice, because this could lead to downgrade MIT attacks.