Re: ECDH support for sendmail, again

To: jnemeth%cue.bc.ca@localhost (John Nemeth), jnemeth%netbsd.org@localhost, gdt%ir.bbn.com@localhost (Greg Troxel)
Subject: Re: ECDH support for sendmail, again
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Fri, 6 Dec 2013 05:23:19 +0100

John Nemeth <jnemeth%cue.bc.ca@localhost> wrote:

>      In other words, they should be harmless, if enabled all the
> time, as people must take explicit action for the changes to have
> any effect?

True for tls and ffr_tls_1, which need to be enabled in the
configuration.

Almost true for ffr_tls_ec, which is causes ECDH to be available if TLS
was enabled. And most likley it will be used since it is at top of
OpenSSL default cipher list. Tha admin can disable ECDH by specifying a
cipher list.

In other words, if you enable tls, ffr_tls_1 and ffr_tls_ec, *and* if
you do not enable TLS in the config file, no new behavior is added.
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

References:
- Re: ECDH support for sendmail, again
  - From: John Nemeth

Prev by Date: kdelibs4 PLIST error
Next by Date: Re: kdelibs4 PLIST error
Previous by Thread: Re: ECDH support for sendmail, again
Next by Thread: first steps with pkgsrc on Mac OS X
Indexes:

Home | Main Index | Thread Index | Old Index