How to configure Dovecot to disable NIST's curves and still rertain EECDH?
Tributh
dovecot-user at tributh.net
Wed Dec 19 08:17:09 EET 2018
Am 19.12.18 um 07:10 schrieb Kurt Fitzner:
> My opinion is that security by RFC is not security, it's mommy
> medicine. Standards have had a terrible time keeping up with security
> realities.
>
> NITS's curves leak side channel information all over the place. I don't
> have details on what implementations are set to calculate the NIST
> curves in constant time, and that's not an easy feat to do anyway so I
> don't want to depend on implementations that say they are actually doing
> it the right way. Frankly I can't be bothered to keep up with that.
> There are better curves *today*, so yes I intend to use them if I can
> find a way. Otherwise, I'll just keep EECDH disabled.
>
> I have EDH now, and I've not yet run into a client that doesn't support
> it. I want EECDH, but I won't use it without safe curves. I'm
> confident that EECDH with safe curves and a second choice of EDH will
> support any clients that are worth using. OpenSSL supports X25519, and
> that is half the battle.
>
> Is there a way to change the curve selection in Dovecot?
Yes. Try:
ssl_curve_list = X448:X25519
Tested and works with openssl 1.1.1a
More information about the dovecot
mailing list