On Mon, Sep 23, 2024 at 10:56:57AM +0200, Geert Hendrickx via Postfix-users wrote:
> On Mon, Sep 23, 2024 at 18:32:00 +1000, Viktor Dukhovni via Postfix-users wrote:
> > This is not a release-notes-worthy change, just avoids loss of minor
> > forensic detail for externally loaded kex "groups" (or, more generally,
> > KEMs).
>
> That's only true for the very last change - but the entire change allows
> *using* those KEMs.

Yes, I forgot that detail, fair enough. Still not sure this warrants an
entry in the RELEASE_NOTES file, but if it does, it could read:

    [Feature 2024XXXX] Support for provider-based OpenSSL 3.x key
    encapsulation methods (KEMs, generalisation of key exchange groups).
    In prior Postfix versions it was not possible to use KEMs loaded
    from an external (not built-in to OpenSSL) "provider". These can
    now be listed in "tls_eecdh_auto_curves", along with any built-in
    curves.

I also took the opportunity to push another commit that updates the docs,
and slightly tweaks the group order to list secp384r1 before secp521r1,
this is better aligned with the IANA status of these curves:

    https://datatracker.ietf.org/doc/html/rfc8447#section-9
    https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.7

-- 
    Viktor.