On Tue, Jan 21, 2025 at 02:32:05PM +0100, Damian via Postfix-users wrote:
> Does Postfix support Brainpool curves?
OpenSSL supports or does not support curves, Postfix just uses OpenSSL,
but the *default* list of curves passed to OpenSSL:
tls_eecdh_auto_curves = X25519 X448 prime256v1 secp384r1 secp521r1
tls_ffdhe_auto_groups = ffdhe2048 ffdhe3072
is deliberately pruned to just the mainstream options. You can if you
wish extend the list, but you may find rather limited support for these
generally.
> The Forward Secrecy Readme mentions X25519 and X448 explicitly, P-256
> implicitly, while Brainpool curves don't come up anywhere.
I did not want to encourage unrealistic expectations that other choices
would be beneficial.
> I still tried with Postfix 3.9.1 and OpenSSL 3.4.0 but failed to
> establish a TLS connection between `openssl s_client` and Postfix,
> while `s_client` to `s_server` works in principle.
I'd like to suggest more productive pursuits.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
