http://bugs.exim.org/show_bug.cgi?id=1397

--- Comment #2 from Wolfgang Breyha <[email protected]> 2013-10-15 01:15:04 ---

:)

Meanwhile I found a statement on the dovecot mailing list explaining why most people use secp384r1 as default instead of prime256v1.

/* For OpenSSL < 1.0.2, ECDH temporary key parameter selection must be
   performed manually. Attempt to select the same curve as that used in the
   server's private EC key file. Otherwise fall back to the NIST P-384
   (secp384r1) curve to be compliant with RFC 6460 when AES-256 TLS cipher
   suites are in use. This fall back option does however make Dovecot
   non-compliant with RFC 6460 which requires curve NIST P-256 (prime256v1)
   be used when AES-128 TLS cipher suites are in use. At least the
   non-compliance is in the form of providing too much security rather than
   too little. */

That sounds reasonable to me. Maybe we should use secp384r1 as default, too?
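The selection rule in the quoted comment (use the curve of the server's EC key, otherwise fall back to secp384r1), sketched as an added example that is not code from Exim, Dovecot or the original mail. It uses Python's `ssl` module instead of the OpenSSL C API, assumes the key is a SEC1 `EC PRIVATE KEY` in DER form, and all function names and the sample keys are constructed for illustration.

```python
import ssl

# DER-encoded named-curve OIDs mapped to OpenSSL short names.
CURVE_OIDS = {
    bytes.fromhex("2a8648ce3d030107"): "prime256v1",  # NIST P-256
    bytes.fromhex("2b81040022"): "secp384r1",         # NIST P-384
}
FALLBACK_CURVE = "secp384r1"  # the fallback named in the quoted comment

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def curve_of_ec_key(der):
    """Curve name from a SEC1 ECPrivateKey (RFC 5915) in DER, else None."""
    try:
        tag, body, _ = _tlv(der, 0)
        pos = 0
        while tag == 0x30 and pos < len(body):
            etag, value, pos = _tlv(body, pos)
            if etag == 0xA0:  # [0] parameters holding the curve OID
                otag, oid, _ = _tlv(value, 0)
                return CURVE_OIDS.get(bytes(oid)) if otag == 0x06 else None
    except IndexError:  # truncated or non-DER input
        pass
    return None

def select_ecdh_curve(key_der=None):
    """Prefer the server key's curve; otherwise fall back to P-384."""
    return (curve_of_ec_key(key_der) if key_der else None) or FALLBACK_CURVE

def make_server_context(key_der=None):
    """Hypothetical helper: TLS server context with the chosen curve pinned."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ecdh_curve(select_ecdh_curve(key_der))
    return ctx

def constructed_ec_key(oid_hex, size):
    """Constructed sample input: SEC1 structure with a dummy private value."""
    oid = bytes.fromhex(oid_hex)
    params = b"\xa0" + bytes([len(oid) + 2]) + b"\x06" + bytes([len(oid)]) + oid
    body = b"\x02\x01\x01" + b"\x04" + bytes([size]) + b"\x01" * size + params
    return b"\x30" + bytes([len(body)]) + body
```

A key on a curve missing from `CURVE_OIDS`, a non-EC key, or no key at all ends up on the secp384r1 fallback.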
