https://bugs.exim.org/show_bug.cgi?id=1397
Jeremy Harris changed:
What|Removed |Added
Resolution|--- |FIXED
Status|ASSIGNED
https://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #14 from Git Commit ---
Git commit:
http://git.exim.org/exim.git/commitdiff/10ca4f1ca3116f346dcc19645b59c443e57d26a8
commit 10ca4f1ca3116f346dcc19645b59c443e57d26a8
Author: Jeremy Harris
AuthorDate: Tue May 26 16:36:08 2015 +0100
Commit
https://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #13 from Jeremy Harris ---
That was basically Phil's coding from comment 1. Do we want to go on to pick
up the Suse patch which adds a new option "tls_eccurve" ?
tls_eccurve values:
blank: NIST P-256
"auto": let the OpenSSL library decide
https://bugs.exim.org/show_bug.cgi?id=1397
Git Commit changed:
What|Removed |Added
CC||g...@exim.org
--- Comment #12 from Git Commit ---
https://bugs.exim.org/show_bug.cgi?id=1397
Jeremy Harris changed:
What|Removed |Added
Target Milestone|Exim 4.82 |Exim 4.86
Assignee|p...@exim.org
https://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #10 from Jeremy Harris ---
Running this through the testsuite, it appears to stop SNI working for
selecting a server cert.
We call the context-setup routing a second time, on getting an SNI callback
(just like we do for the dh context-setup)
On 01/10/14 10:55, Jeremy Harris wrote:
> On 30/09/14 19:16, Todd Lyons wrote:
>> I have taken the patch provided by Wolfgang and changed it slightly.
>> I moved the default setting from tls-openssl.c into globals.c. Now
>> the if tls_eccurve==NULL does something slightly different, but the
>> res
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
Jeremy Harris changed:
What|Removed |Added
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
Lars Müller changed:
What|Removed |Added
On 30/09/14 19:16, Todd Lyons wrote:
> I have taken the patch provided by Wolfgang and changed it slightly.
> I moved the default setting from tls-openssl.c into globals.c. Now
> the if tls_eccurve==NULL does something slightly different, but the
> rest of Wolfang's code is unchanged. (It checks t
I have taken the patch provided by Wolfgang and changed it slightly.
I moved the default setting from tls-openssl.c into globals.c. Now
the if tls_eccurve==NULL does something slightly different, but the
rest of Wolfang's code is unchanged. (It checks to see if errant code
left it NULL, which in m
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
Todd Lyons changed:
What|Removed |Added
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #6 from Phil Pennock 2013-10-15 18:41:37 ---
Okay, this GnuTLS problem is a regression and the sort of thing we're looking
to discover during the Rel
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #5 from Todd Lyons 2013-10-15 14:34:34 ---
> Frankly, the more I look at this, the more inclined I am to say that 4.82
> should go out without explic
> Frankly, the more I look at this, the more inclined I am to say that 4.82
> should go out without explicit support for enabling ECDHE, so that we can
> better understand the issues. A quick and simple fix, as uninvasive as
> possible, is one thing, but this now looks like that's just inadequate.
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #4 from Wolfgang Breyha 2013-10-15 10:43:53 ---
(In reply to comment #3)
> In the meantime, if ECDHE matters then I suggest using GnuTLS with Exim an
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #3 from Phil Pennock 2013-10-15 05:21:20 ---
I don't know enough about cryptanalysis of EC to advocate for any particular
curve. I don't know enough
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
--- Comment #2 from Wolfgang Breyha 2013-10-15 01:15:04 ---
:)
Meanwhile I found a statement in the dovecot mailinglist why most people use
secp384r1 as default
--- You are receiving this mail because: ---
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1397
Phil Pennock changed:
What|Removed |Added
19 matches
Mail list logo