Viktor Dukhovni:
> > On Jun 9, 2020, at 7:22 PM, Viktor Dukhovni <postfix-us...@dukhovni.org>
> > wrote:
> >
> > This predates support for automatic negotiated EC curve selection
> > in OpenSSL, and is now just a bad idea. The default "auto" setting
> > is the only correct one to use. That said, how this breaks loading
> > of RSA certificate chains is rather a deep mystery I shall pursue
> > with the OpenSSL team.
>
> Turns out the problem is that my SNI code in Postfix did not expect
> to be called twice for the same connection as happens with TLS 1.3
> HRR (hello retry requests) when the client's key share guess does
> not match the server's supported signature algorithms (e.g. only P384
> with "smtpd_tls_eecdh_grade = ultra").
>
> Git commit at:
>
>
> https://github.com/vdukhovni/postfix/commit/851b525c5c09405c48b8cd697d14cb0d2edbb68b
>
> Raw patch:
>
>
> https://github.com/vdukhovni/postfix/commit/851b525c5c09405c48b8cd697d14cb0d2edbb68b.patch
>
> This applies to Postfix 3.4, 3.5 and 3.6 snapshots.
Released in postfix-3.6-20200610. Stable releases will be updated
after the code has been running for a few days.
Wietse
