On Mon, Apr 21, 2014 at 12:27:07AM +0200, Wolfgang Breyha wrote:

> On 19/04/14 19:30, Todd Lyons wrote:
> > Can we get some votes yea or nay for beginning a release cycle
> > for Exim 4.83?
> 
> +1 if
> http://bugs.exim.org/show_bug.cgi?id=1397
> or something similar enabling ECDHE is included;-)

There really is little need at this time to go out of one's way to
match the symmetric block algorithm bit length with the EC strength,
provided both exceed a reasonable floor.

Therefore the simplest thing is to provide either curve as a default,
and allow users to configure the other:

    http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade
    http://www.postfix.org/postconf.5.html#tls_eecdh_strong_curve
    http://www.postfix.org/postconf.5.html#tls_eecdh_ultra_curve

    http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs

        smtpd_tls_eecdh_grade = strong | ultra
        tls_eecdh_strong_curve = prime256v1
        tls_eecdh_ultra_curve = secp384r1

With later releases of OpenSSL it will become possible to make the
choice more automatically.

-- 
        Viktor.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##
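
The grade-to-curve selection described in the message above, sketched with Python's `ssl` module as an added example (not Exim or Postfix code, and not part of the original message). It also checks each enabled suite against a floor instead of matching cipher and curve strength. The function names, the 128-bit floor and the `ECDHE+AESGCM` cipher string are assumptions made for the illustration.

```python
import ssl

# Approximate symmetric-equivalent strength in bits of the two curves
# named in the message (standard estimate: about half the field size).
CURVE_STRENGTH = {"prime256v1": 128, "secp384r1": 192}
FLOOR_BITS = 128  # assumed value for the "reasonable floor"


def resolve_curve(grade, strong_curve="prime256v1", ultra_curve="secp384r1"):
    """Map a grade ("strong" or "ultra") to its configured curve name."""
    curves = {"strong": strong_curve, "ultra": ultra_curve}
    if grade not in curves:
        raise ValueError(f"unknown EECDH grade: {grade!r}")
    return curves[grade]


def meets_floor(curve, cipher_bits, floor=FLOOR_BITS):
    """True when curve and cipher each reach the floor; no matching needed."""
    # A curve missing from the table counts as strength 0 and fails.
    return CURVE_STRENGTH.get(curve, 0) >= floor and cipher_bits >= floor


def server_context(grade="strong", **curves):
    """Build a server-side context that offers ECDHE on the chosen curve."""
    curve = resolve_curve(grade, **curves)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ecdh_curve(curve)        # ValueError if OpenSSL lacks the curve
    ctx.set_ciphers("ECDHE+AESGCM")  # TLS 1.2 suites; TLS 1.3 ones stay on
    return ctx, curve


def audit(ctx, curve, floor=FLOOR_BITS):
    """List (suite, key bits, passes floor) for every enabled suite."""
    return [(c["name"], c["strength_bits"],
             meets_floor(curve, c["strength_bits"], floor))
            for c in ctx.get_ciphers()]


if __name__ == "__main__":
    ctx, curve = server_context("strong")
    for name, bits, ok in audit(ctx, curve):
        print(f"{curve:11} {name:32} {bits:3} {'ok' if ok else 'BELOW FLOOR'}")
```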
