Gregory BELLIER wrote:
> Hi.
>
> if I copy an existing cipher in OpenSSL and rename it, it will act as if
> it is a new cipher.
>
> Would I need to build postfix against this new OpenSSL to be able to use
> the new cipher? I think it's not required but I have a doubt.
> How does the TLS negotiation work? I guess it is done by Postfix which
> asks OpenSSL what ciphers are supported and depending on the
> negotiation, Postfix stores the cipher's OID selected.
> Therefore Postfix wouldn't care about the existing ciphers and would just
> select the strongest one among the ciphers presented by OpenSSL.
>
> All this for my first question, would it be required to rebuild postfix
> if a new cipher makes its way in OpenSSL to be able to use it?
>

$ ldd /usr/local/libexec/postfix/smtpd
/usr/local/libexec/postfix/smtpd:
        ...
        libssl.so.7 => /usr/local/lib/libssl.so.7 (0x2810a000)
        libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x28150000)
        ...

If you rebuild openssl but provide the same ABI, then it's ok. If you
can't, then you'll need to rebuild. This is not a postfix related issue.
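
An added example, not part of the original thread: a small checker that parses ldd output like the one quoted in the reply and reports which OpenSSL libraries the binary requests under a soname that a rebuilt OpenSSL no longer provides. It assumes an unchanged soname as a proxy for "same ABI" (necessary, not sufficient); the `libssl.so.8` name in the comments is hypothetical.

```python
import re

# ldd output as quoted in the reply above; the "..." lines are elided there too.
LDD_SAMPLE = """\
/usr/local/libexec/postfix/smtpd:
        ...
        libssl.so.7 => /usr/local/lib/libssl.so.7 (0x2810a000)
        libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x28150000)
        ...
"""

# "<soname> => <path> (<load address>)" or "<soname> => not found"
_DEP = re.compile(
    r"^\s*(\S+)\s+=>\s+(not found|\S+)(?:\s+\(0x[0-9a-fA-F]+\))?\s*$"
)


def parse_ldd(text):
    """Return {soname: resolved_path}; the path is None when unresolved."""
    deps = {}
    for line in text.splitlines():
        m = _DEP.match(line)
        if m:
            deps[m.group(1)] = None if m.group(2) == "not found" else m.group(2)
    return deps


def split_soname(soname):
    """'libssl.so.7' -> ('libssl', '7'); the version is '' when absent."""
    base, _, ver = soname.partition(".so")
    return base, ver.lstrip(".")


def rebuild_needed(deps, rebuilt_sonames):
    """Pairs (requested, provided) where the rebuilt library changed its soname.

    An empty list means the binary's requests still match by name; it does
    not prove the ABI behind that name is unchanged.
    """
    provided = dict(split_soname(s) for s in rebuilt_sonames)
    stale = []
    for soname in deps:
        base, ver = split_soname(soname)
        if base in provided and provided[base] != ver:
            stale.append((soname, f"{base}.so.{provided[base]}"))
    return stale


def unresolved(deps):
    """Sonames the dynamic linker could not find at all."""
    return [name for name, path in deps.items() if path is None]
```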