[Date Prev][Date Next]
Re: RE24 testing call (2.4.48) LMDB RE0.9 testing call (0.9.24)
Geert Hendrickx wrote:
> On Tue, Jul 16, 2019 at 09:49:36 -0700, Quanah Gibson-Mount wrote:
>> --On Tuesday, July 16, 2019 5:27 PM +0200 Geert Hendrickx
>> <email@example.com> wrote:
>>> With OpenSSL 1.0.1 (CentOS 6) and OpenSSL 1.0.2 (CentOS 7), it does not
>>> use ECC until I explicitly set a curve in olcTLSECName. There is no
>>> default value? This is contrary to expectation, most TLS enabled
>>> software enable ECC by default, based on the configured cipher string.
>> Hi Geert,
>> The OpenSSL API does not support more than 1 EC to be enabled per context.
> Hmm, at least nginx and postfix support specifying multiple curves:
> Both specifically refer to OpenSSL >= 1.0.2
Feel free to submit a patch. But it won't be in time for 2.4.48.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/