25 Dec 2017, 8:24 p.m.
Hi all,
after upgrading to Dovecot 2.3, I've noticed the new "ssl_curve_list" TLS option in 10-ssl.conf. Setting it to "ssl_curve_list = X25519:P-256" or leaving it blank (auto) does not change anything; Dovecot keeps on negotiating P-384:

    Server Temp Key: ECDH, P-384, 384 bits

When using "-curves X25519" in s_client, it does a fallback to DH:

    Server Temp Key: DH, 4096 bits
I'm on Dovecot 2.3.0 (c8b89eb) with OpenSSL 1.1.0g 2 Nov 2017 on Arch Linux 4.14.8-1-ARCH.
Am I missing something here? OpenSSL 1.1 defaults to Curve25519 when leaving it on auto.
Greetings,
Marcel Menzel
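The comparison made in the message above, between the configured ssl_curve_list and the "Server Temp Key" line that s_client prints, written as a small shell check. This is an added example, not part of the original post or of Dovecot; the function names and status strings are hypothetical, and the X25519 sample line in the final comment is constructed from s_client's usual output format.

```shell
#!/bin/sh
# Sample lines: the first two are the s_client outputs quoted in the post.
SAMPLE_P384='Server Temp Key: ECDH, P-384, 384 bits'
SAMPLE_DH='Server Temp Key: DH, 4096 bits'

# Read s_client output on stdin; print the key-exchange group it reports:
# a curve name (P-384, X25519, ...), "DH" for finite-field DH, or "none".
temp_key_group() {
    key=$(sed -n '/Server Temp Key:/{s/^.*Server Temp Key: *//p;q;}')
    case "$key" in
        "")     echo none ;;
        ECDH,*) echo "$key" | cut -d, -f2 | tr -d ' ' ;;
        DH,*)   echo DH ;;
        *)      echo "${key%%,*}" ;;
    esac
}

# Map OpenSSL curve names to the NIST names s_client prints.
normalize_group() {
    case "$1" in
        prime256v1) echo P-256 ;;
        secp384r1)  echo P-384 ;;
        secp521r1)  echo P-521 ;;
        *)          echo "$1" ;;
    esac
}

# $1 = ssl_curve_list value ("" means auto); stdin = s_client output.
# Prints match:<g>, mismatch:<g>, unchecked:<g>, dh-fallback or no-temp-key.
check_negotiated() {
    wanted=$1
    got=$(temp_key_group)
    case "$got" in
        none) echo no-temp-key; return 2 ;;
        DH)   echo dh-fallback; return 1 ;;
    esac
    if [ -z "$wanted" ]; then echo "unchecked:$got"; return 0; fi
    old_ifs=$IFS; IFS=:
    for name in $wanted; do
        if [ "$(normalize_group "$name")" = "$got" ]; then
            IFS=$old_ifs; echo "match:$got"; return 0
        fi
    done
    IFS=$old_ifs
    echo "mismatch:$got"; return 1
}

# Constructed X25519 line: a server honouring the list would report this.
printf 'Server Temp Key: X25519, 253 bits\n' | check_negotiated "X25519:P-256"
```

Against a live server, the output of s_client can be piped straight into check_negotiated with the same list that is set in 10-ssl.conf.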