pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ECDH support for sendmail, again



John Nemeth <jnemeth%cue.bc.ca@localhost> wrote:

>      In other words, they should be harmless, if enabled all the
> time, as people must take explicit action for the changes to have
> any effect?

True for tls and ffr_tls_1, which need to be enabled in the
configuration.

Almost true for ffr_tls_ec, which is causes ECDH to be available if TLS
was enabled. And most likley it will be used since it is at top of
OpenSSL default cipher list. Tha admin can disable ECDH by specifying a
cipher list.

In other words, if you enable tls, ffr_tls_1 and ffr_tls_ec, *and* if
you do not enable TLS in the config file, no new behavior is added.
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost


Home | Main Index | Thread Index | Old Index