https://bugs.exim.org/show_bug.cgi?id=2298
--- Comment #5 from Bertrand Jacquin <[email protected]> ---
(In reply to Jeremy Harris from comment #4)
> > This is true, with "auto", also one curve is offered
>
> If you're only seeing one, then you're not using a modern version of OpenSSL.
> What do you have?

I am actually using OpenSSL 1.0.2t and indeed multiple curves are being offered
with default settings

  $ openssl s_client < /dev/null -connect smtp.local:465 -curves prime256v1 2> /dev/null | fgrep 'Server Temp Key'
  Server Temp Key: ECDH, P-256, 256 bits

  $ openssl s_client < /dev/null -connect smtp.local:465 -curves secp384r1 2> /dev/null | fgrep 'Server Temp Key'
  Server Temp Key: ECDH, P-384, 384 bits

However Exim does not offer the ability for system administrators to manually
select one or multiple curves:

  $ grep -F tls_eccurve /etc/exim/exim.conf
  tls_eccurve = prime256v1 : secp384r1

  $ openssl s_client < /dev/null -connect smtp.local:465 -curves secp384r1 2> /dev/null | fgrep 'Server Temp Key'

  $ tail /var/log/exim.log
  2019-09-29 19:59:52 TLS error on connection from [1.2.3.4]:13038 I=[1.2.3.42]:465 (Unknown curve name tls_eccurve 'prime256v1 : secp384r1'): error:00000000:lib(0):func(0):reason(0)
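The per-curve check from the comment above, wrapped as a repeatable audit. This is an added example, not part of the original comment or of Exim; the function names are hypothetical, and it assumes the `Server Temp Key:` line format shown in the comment (plus the `X25519, 253 bits` form newer OpenSSL clients print).

```shell
#!/bin/sh
# Added example: report which key-exchange curve a TLS server negotiates
# when the client offers exactly one curve at a time.

# Read `openssl s_client` output on stdin and print the curve named on the
# "Server Temp Key" line, e.g. "P-256". Prints nothing when the line is
# absent, which is what a failed handshake looks like (the tls_eccurve
# list case in the comment above).
temp_key_curve() {
    sed -n 's/^Server Temp Key: \(ECDH, \)\{0,1\}\([^,]*\),.*$/\2/p' | head -n 1
}

# Read s_client output on stdin and print "<offered curve><TAB><result>",
# where result is the negotiated curve or REFUSED.
report_line() {
    offered=$1
    got=$(temp_key_curve)
    printf '%s\t%s\n' "$offered" "${got:-REFUSED}"
}

# probe_curves HOST:PORT CURVE...
# Runs one handshake per curve against the given server (needs network
# access and an openssl binary that supports -curves).
probe_curves() {
    target=$1
    shift
    for curve in "$@"; do
        openssl s_client -connect "$target" -curves "$curve" \
            </dev/null 2>/dev/null | report_line "$curve"
    done
}

# Usage, with the host from the comment:
#   probe_curves smtp.local:465 prime256v1 secp384r1
```

A REFUSED row for a curve that is listed in the server configuration points to the server rejecting the setting, so the next place to look is the server log, as in the `tail /var/log/exim.log` step above.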
