Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-24 Thread Patrick Lists
On 10/24/2013 11:15 AM, li...@rhsoft.net wrote: On 24.10.2013 11:11, Patrick Lists wrote: On 10/23/2013 10:57 PM, Viktor Dukhovni wrote: [snip] The problem turns out to be that RedHat's patch did not prune the list of curves advertised by the TLS client! They're going to update the code to

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-24 Thread li...@rhsoft.net
On 24.10.2013 11:11, Patrick Lists wrote: > On 10/23/2013 10:57 PM, Viktor Dukhovni wrote: > [snip] >> The problem turns out to be that RedHat's patch did not prune the >> list of curves advertised by the TLS client! They're going to >> update the code to only advertise secp{256,384}r1, which w

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-24 Thread Patrick Lists
On 10/23/2013 10:57 PM, Viktor Dukhovni wrote: [snip] The problem turns out to be that RedHat's patch did not prune the list of curves advertised by the TLS client! They're going to update the code to only advertise secp{256,384}r1, which will make connections to gmx.de work again (but without E

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-23 Thread li...@rhsoft.net
On 23.10.2013 22:57, Viktor Dukhovni wrote: > On Tue, Oct 22, 2013 at 06:07:49AM +, Viktor Dukhovni wrote: > > Follow-up, comments after a brief email discussion with Paul Wouters > of RedHat: thank you so much for that! >> * Firstly, client TLS extensions are not possible when the client

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-23 Thread Viktor Dukhovni
On Tue, Oct 22, 2013 at 06:07:49AM +, Viktor Dukhovni wrote: Follow-up, comments after a brief email discussion with Paul Wouters of RedHat: > * Firstly, client TLS extensions are not possible when the client starts > with an SSLv2 compatible SSL HELLO. So the list of supported curves >

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Tue, Oct 22, 2013 at 03:19:41AM +0200, li...@rhsoft.net wrote: > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3 > > > > The author of comment #4 is not getting it. The problem is NOT > > that Postfix fails to negotiate EECDH, rather the problem is that > > it does! Once EECDH is

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Tue, Oct 22, 2013 at 03:19:41AM +0200, li...@rhsoft.net wrote: > > This is NOT progress. No support for EC is better than broken > > support for EC. Either implement EC support or don't. > > yes, frustrating, but better start with something crippled and > hope it improves than wait another 6

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 22.10.2013 02:33, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote: > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3 > > The author of comment #4 is not getting it. The problem is NOT > that Postfix fails to negotiate EECDH, rather the

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 11:55:38PM +0200, li...@rhsoft.net wrote: > > https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3 The author of comment #4 is not getting it. The problem is NOT that Postfix fails to negotiate EECDH, rather the problem is that it does! Once EECDH is negotiated, the se

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 11:49:48PM +0200, li...@rhsoft.net wrote: > >> since you sound very knowledgeable about SSL may you consider > >> to make a comment there? > >> > >> https://bugzilla.redhat.com/show_bug.cgi?id=1019251 > > > > I have enough fish to fry. The problem is obvious, client promi

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 23:49, li...@rhsoft.net wrote: > I hate to ask, but is there any chance Postfix avoids ECDHE for such > destinations > in case of this situation and continues to use DHE if the requested curve is > not > available in the linked openssl library? > >>> as far as i can see in al

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 23:40, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 11:17:25PM +0200, li...@rhsoft.net wrote: > >>> Instead of improving the world by finally supporting EC, they've >>> made things worse! Previously clients negotiated something other >>> than EECDH key exchange, now they neg

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 11:17:25PM +0200, li...@rhsoft.net wrote: > > Instead of improving the world by finally supporting EC, they've > > made things worse! Previously clients negotiated something other > > than EECDH key exchange, now they negotiate it and fail! Sorry to > > say so, but the Re

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
On 21.10.2013 23:04, Viktor Dukhovni wrote: > On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote: > >> postfix/smtp[7411]: warning: TLS library problem: >> 7411:error:100AE081:elliptic curve >> routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316 >> >> maybe relevant

Re: EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread Viktor Dukhovni
On Mon, Oct 21, 2013 at 09:43:50PM +0200, li...@rhsoft.net wrote: > postfix/smtp[7411]: warning: TLS library problem: > 7411:error:100AE081:elliptic curve > routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316 > > maybe relevant to "only ECC NIST Suite B curves support"? > postfix wa

EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316

2013-10-21 Thread li...@rhsoft.net
postfix/smtp[7411]: warning: TLS library problem: 7411:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:ec_curve.c:316 maybe relevant to "only ECC NIST Suite B curves support"? postfix was compiled against exactly this openssl build; as far as I can see fallback to u