inn-workers Digest, Vol 66, Issue 8

inn-workers-request Mon, 24 Nov 2014 04:00:20 -0800

Send inn-workers mailing list submissions to
        [email protected]


To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."


Today's Topics:

   1. Re: [patch] more TLS configuration options for nnrpd (Julien ?LIE)


----------------------------------------------------------------------

Message: 1
Date: Sun, 23 Nov 2014 14:10:26 +0100
From: Julien ?LIE <[email protected]>
To: [email protected]
Subject: Re: [patch] more TLS configuration options for nnrpd
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi Christian,

> In fact, I have got ECDH support implemented. I'll attach a patch that
> goes on top of the first one, and would very much like people to
> critique this and test it, because the OpenSSL docs are less than
> helpful and I had to resort to reverse engineer the apache source.
> Consider it experimental -- not "crashing your server", but "may be
> insecure".

I have been testing your patch for a few days, without any problem.
Thanks for it!

Reading the OBJ_nid2obj(3) doc, I see that they #include 
<openssl/objects.h> when using OBJ_nid2sn().  Shouldn't we also add that 
include in tls.h when HAVE_SSL_ECC is set?



>    The default is unset, which means an appropriate curve is
>    auto-selected (if your OpenSSL version supports it) or the NIST
>    P-256 curve is used.

I see:
     SSL_CTX_set_tmp_ecdh(CTX,
         EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));

Are we sure NID_X9_62_prime256v1 always exists?  Maybe in OpenSSL 
versions where SSL_CTX_set_ecdh_auto does not exist, this curve exists; 
so that's fine to call it without testing its existence.

-- 
Julien ?LIE

? Ils ont refus? une offre de Normand ?!? ? (Ast?rix)


------------------------------

_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers

End of inn-workers Digest, Vol 66, Issue 8
******************************************

inn-workers Digest, Vol 66, Issue 8

Reply via email to