ssl_curve_list seems to be ignored with Dovecot 2.3
Marcel Menzel
mail at mcl.gg
Mon Dec 25 20:24:01 EET 2017
Hi all,
after upgrading to Dovecot 2.3, I've noticed the new "ssl_curve_list"
TLS option in 10-ssl.conf.
Setting it to "ssl_curve_list = X25519:P-256" or leaving it blank (auto)
does not change anything; Dovecot keeps on negotiating P-384:
Server Temp Key: ECDH, P-384, 384 bits
When using "-curves X25519" in s_client, it does a fallback to DH:
Server Temp Key: DH, 4096 bits
I'm on Dovecot 2.3.0 (c8b89eb) with OpenSSL 1.1.0g 2 Nov 2017 on Arch
Linux 4.14.8-1-ARCH.
Am I missing something here? OpenSSL 1.1 defaults to Curve25519 when
leaving it on auto.
Greetings,
Marcel Menzel
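
The check described in the post, as an added example that is not part of the original message or of Dovecot: a shell function that reads `openssl s_client` output and reports whether the negotiated group is in the configured ssl_curve_list. The function names, verdict strings and the X25519 sample line are assumptions made for this example; curve names are compared literally, as s_client prints them.

```shell
#!/bin/sh
# Added example: classify the "Server Temp Key" line of `openssl s_client`
# output against a configured ssl_curve_list value.

# Print the negotiated group from s_client output on stdin:
# a curve name ("P-384", "X25519"), "DH", or "none" if no such line exists.
temp_key_group() {
    awk -F': *' '/Server Temp Key:/ {
        n = split($2, f, ", *")
        # "ECDH, P-384, 384 bits" names the curve in field 2;
        # "X25519, 253 bits" and "DH, 4096 bits" name the type in field 1.
        if (f[1] == "ECDH" && n >= 2) print f[2]; else print f[1]
        found = 1; exit
    }
    END { if (!found) print "none" }'
}

# check_curve LIST: stdin is s_client output, LIST is colon-separated as in
# ssl_curve_list (empty means auto). Returns 0 only for an acceptable group.
check_curve() {
    list=$1
    group=$(temp_key_group)
    case "$group" in
        none) echo "no-ephemeral-key"; return 2 ;;
        DH)   echo "dh-fallback"; return 1 ;;   # no shared curve, fell back to DH
    esac
    if [ -z "$list" ]; then
        echo "auto:$group"; return 0            # nothing configured to compare
    fi
    case ":$list:" in
        *":$group:"*) echo "ok:$group"; return 0 ;;
        *)            echo "ignored:$group"; return 1 ;;  # setting not honoured
    esac
}

# Constructed sample lines: the first two are quoted in the post, the third
# is what an X25519 negotiation looks like in s_client output.
SAMPLE_P384='Server Temp Key: ECDH, P-384, 384 bits'
SAMPLE_DH='Server Temp Key: DH, 4096 bits'
SAMPLE_X25519='Server Temp Key: X25519, 253 bits'

for s in "$SAMPLE_P384" "$SAMPLE_DH" "$SAMPLE_X25519"; do
    printf '%s\n' "$s" | check_curve 'X25519:P-256' || true
done
```

Against a live server, pipe the output of `openssl s_client -connect mail.example.org:993 </dev/null 2>/dev/null` (placeholder host) into `check_curve` with the value from 10-ssl.conf.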