Re: (ITS#9054) Add support for multiple EECDH curves

[quanah]

--On Tuesday, July 16, 2019 9:45 PM + qua...@openldap.org wrote:

> Full_Name: Quanah Gibson-Mount
> Version: 2.4.47
> OS: N/A
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (47.208.128.44)
>
>
> Currently OpenLDAP only allows for a single EECDH curve to be configured.
> However, OpenSSL 1.0.2 released in January 2015 was the first release to
> implement negotiation of supported curves in TLS servers.  OpenLDAP needs
> updating to support this functionality.


tls_dh.c in postfix/src/tls_dh.c gives some insight into how to correctly 
do this with OpenSSL, in the tls_auto_eecdh_curves fucntion.

--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

(ITS#9054) Add support for multiple EECDH curves

[quanah]

Full_Name: Quanah Gibson-Mount
Version: 2.4.47
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.128.44)


Currently OpenLDAP only allows for a single EECDH curve to be configured. 
However, OpenSSL 1.0.2 released in January 2015 was the first release to
implement negotiation of supported curves in TLS servers.  OpenLDAP needs
updating to support this functionality.

Re: (ITS#7657) Alias dereferencing with MDB slow compared with BDB

[Mark . Cairney]

Hi Howard,

Brilliant- I notice that there's a 2.4.48 RC due out shortly so Ill roll
that out on a Dev box and see how it performs.

Kind regards,

Mark


On 15/07/2019 17:07, Howard Chu wrote:
> Fyi, we recently revisited this issue and are seeing improved results with
> commit e90e8c7d3c12d897bb0584ba04dc519d4f23acf9 in master.
> 

-- 
/

Mark Cairney
ITI Enterprise Services
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email: mark.cair...@ed.ac.uk
PGP: 0x435A9621

***/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.