Re: DH parameter reading in OPENSSL 3

Hello,

https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_dh.c#L148-L205

Thanks a lot. Works in principle now with one exception. The previous approach worked for a file where the PEM certificate comes first and the DH params afterwards. The new approach only works when the file has nothing other than the DH params inside. Is there a chance to get that behaviour back or do I need to load the file and strip the certificate myself?

Now it seems the default can be replaced by

  SSL_CTX_set_dh_auto(context, 1);

This is preferred over all explicit parameter choices, as it allows the
server and client to negotiate a common known-strong group.

I thought so and this also will be the default.

Freedom in Peace
--
https://www.dstoecker.eu/ (PGP key available)
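
For the "strip the certificate myself" route asked about above, the following is an added example, not code from this thread, Postfix or OpenSSL: it locates the `DH PARAMETERS` PEM block inside a buffer that holds a certificate first. The function name `find_pem_block` and the sample buffer are assumptions made for illustration, and the base64 bodies are constructed placeholders.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: certificate first, DH parameters second.
 * The base64 bodies are placeholders, not real key material. */
static const char sample_combined[] =
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQtQ0VSVA==\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN DH PARAMETERS-----\n"
    "Q09OU1RSVUNURUQtREg=\n"
    "-----END DH PARAMETERS-----\n";

/* Find the first PEM block with the given label in a NUL-terminated buffer
 * that may hold other PEM objects. Returns a pointer to its BEGIN line and
 * stores the length (through the END marker) in *len; returns NULL when the
 * block is absent or its END line is missing. */
static const char *find_pem_block(const char *buf, const char *label, size_t *len)
{
    char begin[96], end[96];
    const char *p = buf, *q;

    if (strlen(label) > 64)
        return NULL;
    snprintf(begin, sizeof begin, "-----BEGIN %s-----", label);
    snprintf(end, sizeof end, "-----END %s-----", label);

    while ((p = strstr(p, begin)) != NULL) {
        if (p == buf || p[-1] == '\n') {        /* marker must start a line */
            q = strstr(p + strlen(begin), end);
            while (q != NULL && q[-1] != '\n')
                q = strstr(q + 1, end);
            if (q == NULL)
                return NULL;                    /* truncated block */
            *len = (size_t)(q - p) + strlen(end);
            return p;
        }
        p += strlen(begin);
    }
    return NULL;
}

int main(void)
{
    size_t len;
    const char *dh = find_pem_block(sample_combined, "DH PARAMETERS", &len);

    if (dh == NULL)
        return 1;
    fwrite(dh, 1, len, stdout);   /* or: BIO_new_mem_buf(dh, (int)len) */
    putchar('\n');
    return 0;
}
```

The returned span can be wrapped with `BIO_new_mem_buf()` and handed to the same decoding code that works on a params-only file.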