On Thu, Sep 19, 2024 at 09:02:39AM +0200, Geert Hendrickx via Postfix-users
wrote:
> Could the reverse lookup be fixed as well, for Received headers and logging?
>
> > Anonymous TLS connection established from X: TLSv1.3 with cipher
> > TLS_AES_128_GCM_SHA256
> > (128/128 bits) key-exchange UNDEF server-signature ECDSA (prime256v1)
> > server-digest SHA256
Try the below:
--- src/tls/tls_misc.c
+++ src/tls/tls_misc.c
@@ -1057,6 +1057,13 @@ void tls_get_signature_params(TLS_SESS_STATE
*TLScontext)
kex_name = OBJ_nid2sn(EVP_PKEY_type(nid));
break;
+#if defined(EVP_PKEY_KEYMGMT)
+ case EVP_PKEY_KEYMGMT:
+ kex_name = EVP_PKEY_get0_type_name(dh_pkey);
+ TLScontext->kex_bits = 0;
+ break;
+#endif
+
case EVP_PKEY_DH:
kex_name = "DHE";
TLScontext->kex_bits = EVP_PKEY_bits(dh_pkey);
> (FWIW, nginx logs unknown groups by their group id, in this case "0x6399")
>
> https://github.com/nginx/nginx/blob/master/src/event/ngx_event_openssl.c#L5138
Not terribly friendly/useful.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
