On Mon, Jan 17, 2011 at 06:24:28AM +0100, Stefan Foerster wrote:
> > > Perhaps with 2.9 we can finally "mainstream" server-side eecdh support.
> >
> > Assuming that these aren't all Postfix-to-Postfix sessions, that would
> > mean EECDH is burned in by now.
>
> I just investigated this, and the only sites that seem to use EECDH
> are sites running Postfix. Anecdotal evidence from several smallish,
> private mail servers.
In order to use EECDH on an OpenSSL-based SMTP client, one need only use
OpenSSL 1.0.0 or later. kEECDH ciphers are preferred over kEDH ciphers,
which are preferred over ciphers that don't use ephemeral key exchange.
The feature in question enables EECDH support on the SMTP server, for this
the server has to take explicit action by selecting a suitable "curve" for
the EECDH exchange. Therefore most servers (that don't include code to do
this) will not offer EECDH.
Postfix may for now be the only mainstream SMTP server that enables
server-side EECDH support, but this is not important. SMTP servers
don't talk to SMTP servers, rather SMTP clients talk to SMTP servers,
and many SMTP clients support EECDH without any explicit action to turn
it on, just by using a modern (1.0.0) OpenSSL release.
So the question is whether more than just Postfix *clients* are using
EECDH when offered by a Postfix server, and the answer is yes, though
OpenSSL 1.0.0 is not yet widely deployed.
The number of clients will grow over the next couple of years as upgrades
happen, and as additional platforms (Microsoft, Java, GnuTLS, ...) gain
EECDH support.
--
Viktor.
