[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#9054) Add support for multiple EECDH curves

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#9054) Add support for multiple EECDH curves
From: quanah@symas.com
Date: Tue, 16 Jul 2019 23:39:19 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

--On Tuesday, July 16, 2019 9:45 PM +0000 quanah@openldap.org wrote:

> Full_Name: Quanah Gibson-Mount
> Version: 2.4.47
> OS: N/A
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (47.208.128.44)
>
>
> Currently OpenLDAP only allows for a single EECDH curve to be configured.
> However, OpenSSL 1.0.2 released in January 2015 was the first release to
> implement negotiation of supported curves in TLS servers.  OpenLDAP needs
> updating to support this functionality.


tls_dh.c in postfix/src/tls_dh.c gives some insight into how to correctly 
do this with OpenSSL, in the tls_auto_eecdh_curves fucntion.

--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Prev by Date: (ITS#9054) Add support for multiple EECDH curves
Next by Date: Re: (ITS#8875) [Patch] Performance problems in back-mdb with large DITs and many aliases
Index(es):
- Chronological
- Thread