https://bugs.exim.org/show_bug.cgi?id=2298
--- Comment #2 from Bertrand Jacquin <[email protected]> --- (In reply to Jeremy Harris from comment #1) > Most uses should leave tls_eccurve at the default "auto". With a modern > version of OpenSSL this will support the full set of curves known to the > library. This is true, with "auto", also one curve is offered > The use of accepting a list for tls_eccurve would be restricted to cases of > "more than one, but not the full set". I'm not sure how common that need is. Different software offer the ability to define the supported list of curve, such as: - haproxy http://git.haproxy.org/?p=haproxy.git;a=blob;f=doc/configuration.txt;h=48b69a5bd3593be30f07f379ab7de707da59527b;hb=HEAD#l10567 - nginx http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve Also, Mozilla recommand in https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility to support multiple curves. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
