Re: RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)
- To: Quanah Gibson-Mount <firstname.lastname@example.org>
- Subject: Re: RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)
- From: Geert Hendrickx <email@example.com>
- Date: Tue, 16 Jul 2019 16:27:18 +0200
- Cc: firstname.lastname@example.org
- Content-disposition: inline
- In-reply-to: <DE273198FC0A963A5F733B11@[192.168.1.39]>
- References: <DE273198FC0A963A5F733B11@[192.168.1.39]>
- User-agent: Mutt/1.12.1 (2019-06-15)
I tested the RE24 branch specifically for the ECC support, but the default
behaviour seems to depend on the OpenSSL version.

With OpenSSL 1.0.1 (CentOS 6) and OpenSSL 1.0.2 (CentOS 7), it does not use
ECC until I explicitly set a curve in olcTLSECName. There is no default
value? This is contrary to expectation; most TLS-enabled software enables
ECC by default, based on the configured cipher string.

However, with OpenSSL 1.1.1 (Arch Linux), it does work out of the box, and
appears to use prime256v1,secp384r1,secp521r1 (OpenSSL built-in default?).
But I can only override it with a single curve, since olcTLSECName is
single-valued. And a colon-, comma- or otherwise-separated list is not accepted
(TLS: could not use EC name `prime256v1,secp384r1,secp521r1').

OpenSSL supports multiple curves in configuration starting with 1.0.2, so
I'd expect the same behaviour with 1.0.2 as with 1.1.1, not as with 1.0.1.
So I'm confused, as the code seems to do nothing OpenSSL version specific.

geert.hendrickx.be :: email@example.com :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
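
A client-side check for the behaviour reported above, added here as an example (it is not part of the original message or of the OpenLDAP code): it reads `openssl s_client` output and reports which ephemeral key exchange the server actually negotiated, using the curve names from the message. The function name `negotiated_kex`, the host name in the comment and the sample outputs are constructed for illustration; it assumes an `s_client` that prints a `Server Temp Key` line (OpenSSL 1.0.2 or later).

```shell
#!/bin/sh
# Classify the ephemeral key exchange reported by `openssl s_client`.
# Reads s_client output on stdin and prints one of:
#   an EC curve/group name, "DH" (finite-field DHE), or "none" (no temp key).
negotiated_kex() {
    awk -F': *' '
        /^Server Temp Key:/ {
            split($2, f, /, */)              # "ECDH, P-256, 256 bits"
            if (f[1] == "DH")        k = "DH"
            else if (f[1] == "ECDH") k = f[2]
            else                     k = f[1]   # for example "X25519, 253 bits"
            # s_client prints NIST names; map them to the OpenSSL curve names
            if (k == "P-256") k = "prime256v1"
            if (k == "P-384") k = "secp384r1"
            if (k == "P-521") k = "secp521r1"
            print k; found = 1; exit
        }
        END { if (!found) print "none" }     # no temp key line: no (EC)DHE
    '
}

# Constructed, abbreviated s_client outputs (not captured from a real server).
sample_ecdh() {
    printf '%s\n' 'Peer signing digest: SHA512' \
        'Server Temp Key: ECDH, P-256, 256 bits' \
        'Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
}
sample_rsa() {
    printf '%s\n' 'Server public key is 2048 bit' \
        'Cipher    : AES256-GCM-SHA384'
}
sample_x25519() {
    printf '%s\n' 'Server Temp Key: X25519, 253 bits' \
        'Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
}

for s in sample_ecdh sample_rsa sample_x25519; do
    printf '%s -> %s\n' "$s" "$($s | negotiated_kex)"
done

# Against a live server (ldap.example.org is a placeholder host):
#   openssl s_client -connect ldap.example.org:636 </dev/null 2>/dev/null | negotiated_kex
```

Running the live form once with the curve setting unset and once with it set shows whether a given slapd/OpenSSL combination offers ECDHE by default.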