On 01/10/14 10:55, Jeremy Harris wrote: > On 30/09/14 19:16, Todd Lyons wrote: >> I have taken the patch provided by Wolfgang and changed it slightly. >> I moved the default setting from tls-openssl.c into globals.c. Now >> the if tls_eccurve==NULL does something slightly different, but the >> rest of Wolfang's code is unchanged. (It checks to see if errant code >> left it NULL, which in my understanding can never happen, but this >> checks for errors every way possible.) >> >> The commit is available for viewing at >> http://git.exim.org/users/tlyons/exim.git/shortlog/refs/heads/master_ecdhe >> . Please look it over and see if there is anything that you feel >> should be done differently. >> >> I'm aware of Phil's reservation with setting a default cipher. >> Personally I would rather set it to secp384r1 (default to higher, but >> standard encryption...the alternative is only trying to use it when >> tls_eccurve is actually set). prime256v1 and secp384r1are both FIPS >> compliant so it is in at least every RH/CentOS openssl package 1.0.0+. >> Suse must be the same since they have incorporated the patch into >> their more recent OS version. Debian/Ubuntu has a recent version of >> openssl, so it's worth checking to see if this would work on that too. > > Add this info to the change log? Also http://safecurves.cr.yp.to ?
I think the default behaviour should be "best common practice" as far as the platform is capable. I'm fine with that being prime256v1 for earlier platforms but I think we should defer to the OpenSSL guys on the later ones, using the auto facility (as the default). We could either have the initialiser vary according to $define(s) or we could nail the default to "auto" and say that on the earlier platforms this means prime256v1, implemented by #ifdefs in init_ecdh(). I mildly prefer the latter, if we're going to support the earlier platforms and the curve selection. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##