On 02/12/2018 22:13, Viktor Dukhovni wrote:
>
> [ While I could ask off-list, or RTFS, someone else might have the
> same question later, so might as well ask on-list. ]
>
> Postfix added support for ECDHE ciphers long ago, back when OpenSSL
> 1.0.0 was shiny and new, and the server-side ECDHE support was
> enabled by specifying a single preferred "temp" ECDH curve. At the
> time we allowed users to configure:
>
> smtpd_tls_eecdh_grade = none | strong | ultra
>
> which was later expanded to:
>
> smtpd_tls_eecdh_grade = none | strong | ultra | auto
>
> as documented at:
>
> http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade
> http://www.postfix.org/postconf.5.html#tls_eecdh_strong_curve
> http://www.postfix.org/postconf.5.html#tls_eecdh_ultra_curve
> http://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
>
> The "none" setting is documented to disable ECDHE, and did that by
> simply doing nothing, that is by not setting a specific ECDH temp
> curve and also not calling SSL_CTX_set_ecdh_auto(). But doing
> nothing no longer has the same effect in OpenSSL 1.1.0 and later,
> where ECDHE curve negotiation is always on, and SSL_CTX_set_ecdh_auto()
> is basically a NOOP (that returns "failure" if the requested behaviour
> is ECDHE "off").
>
> I thought I might get the same effect by configuring an empty curve
> list, but OpenSSL 1.1.x does not accept an empty list, and in any
> case that might also affect DHE support, since IIRC there's now a
> unified list of curves and FFDHE groups, and may not be an interface
> for configuring just the curves?
>
> Is there still a way to support the "none" setting other than to
> modify the cipherlist (ciphers = "!kECDHE:...")? The Postfix
> code that deals with DH settings is separate from the code
> that deals with ciphers, and I'd prefer to get these mixed up.

AFAIK this can't be done. If you don't want ECDHE then you should not
configure ECDHE ciphersuites.

WRT a unified list of curves, that's not quite the case. TLSv1.3 has a
single "supported_groups" list for both FFDHE and ECDHE - but OpenSSL
does not support FFDHE in TLSv1.3, so in an OpenSSL context this still
only relates to ECDHE groups.

Matt

>
> I should say that I understand that turning off ECDHE is increasingly
> unwise, interoperability can and will suffer. So I may well decide
> to drop support for "none" and pretend the user meant "auto", but
> I'd like to understand the available options first.
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users