On Thu, Oct 29, 2009 at 11:33:13AM +0300, Victor B. Wagner wrote:
> > Yes, of course, in a strictly technical sense. From a user perspective,
> > however, both are the same sort of thing, something one needs to configure
> > to enable kEDH or kEECDH ciphers. When neither set of parameters is
> > p
On 2009.10.28 at 14:56:54 -0400, Victor Duchovni wrote:
> On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote:
>
> > > > But for some setups, especially in OpenSSL 1.0, which supports EC
> > > > ciphersuites, dh parameters are not neccessary.
> > >
> > > This is not entirely accurat
On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote:
> > > But for some setups, especially in OpenSSL 1.0, which supports EC
> > > ciphersuites, dh parameters are not neccessary.
> >
> > This is not entirely accurately, one still needs to designate an ECDH
> > curve for ECDHE ciphers
On 2009.10.28 at 11:05:22 -0400, Victor Duchovni wrote:
> On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
>
> > But for some setups, especially in OpenSSL 1.0, which supports EC
> > ciphersuites, dh parameters are not neccessary.
>
> This is not entirely accurately, one still n
On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
> But for some setups, especially in OpenSSL 1.0, which supports EC
> ciphersuites, dh parameters are not neccessary.
This is not entirely accurately, one still needs to designate an ECDH
curve for ECDHE ciphers. Postfix code for t
