summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2016-12-02 14:32:08 +0100
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2016-12-04 22:04:00 +0100
commit8e53a4fc1a0790138a5b460da7d9c621f6d32622 (patch)
tree2ef9a3cdea4bc54d25fbd98b8d7ffd77f227fbbd
parentdc8ae77b80164fe6abf7f55c8deffcfc91c2aebf (diff)
OpenSSL: default to tls_eccurve = auto
For OpenSSL < 1.0.2: fallback to prime256v1, for newer libraries rely on auto-selection.
-rw-r--r--doc/doc-docbook/spec.xfpt18
-rw-r--r--doc/doc-txt/ChangeLog2
-rw-r--r--src/src/globals.c2
-rw-r--r--src/src/tls-openssl.c27
4 files changed, 33 insertions, 16 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index c3fc1fb21..ce64fd405 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17139,17 +17139,19 @@ prior to the 4.80 release, as Debian used to patch Exim to raise the minimum
acceptable bound from 1024 to 2048.
-.option tls_eccurve main string&!! prime256v1
+.option tls_eccurve main string&!! &`auto`&
.cindex TLS "EC cryptography"
-If built with a recent-enough version of OpenSSL,
-this option selects a EC curve for use by Exim.
+This option selects a EC curve for use by Exim.
-Curve names of the form &'prime256v1'& are accepted.
-For even more-recent library versions, names of the form &'P-512'&
-are also accepted, plus the special value &'auto'&
-which tells the library to choose.
+After expansion it must contain a valid EC curve parameter, such as
+&`prime256v1`&, &`secp384r1`&, or &`P-512`&. Consult your OpenSSL manual
+for valid selections.
-If the option is set to an empty string, no EC curves will be enabled.
+For OpenSSL versions before (and not including) 1.0.2, the string
+&`auto`& selects &`prime256v1`&. For more recent OpenSSL versions
+&`auto`& tells the library to choose.
+
+If the option expands to an empty string, no EC curves will be enabled.
.option tls_ocsp_file main string&!! unset
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 6532b1ced..156413fcd 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -140,6 +140,8 @@ HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on
HS/02 Bug 1802: Do not half-close the connection after sending a request
to rspamd.
+HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
+ fallback to "prime256v1".
Exim version 4.87
-----------------
diff --git a/src/src/globals.c b/src/src/globals.c
index b862015a2..f83d85096 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -153,7 +153,7 @@ that's the interop problem which has been observed: GnuTLS suggesting a higher
bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */
int tls_dh_max_bits = 2236;
uschar *tls_dhparam = NULL;
-uschar *tls_eccurve = US"prime256v1";
+uschar *tls_eccurve = US"auto";
# ifndef DISABLE_OCSP
uschar *tls_ocsp_file = NULL;
# endif
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 452452df2..d9426ac91 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -83,9 +83,6 @@ functions from the OpenSSL library. */
# define EXIM_HAVE_ECDH
# endif
# if OPENSSL_VERSION_NUMBER >= 0x10002000L
-# if OPENSSL_VERSION_NUMBER < 0x10100000L
-# define EXIM_HAVE_OPENSSL_ECDH_AUTO
-# endif
# define EXIM_HAVE_OPENSSL_EC_NIST2NID
# endif
# endif
@@ -729,16 +726,32 @@ if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve))
if (!exp_curve || !*exp_curve)
return TRUE;
-# ifdef EXIM_HAVE_OPENSSL_ECDH_AUTO
-/* check if new enough library to support auto ECDH temp key parameter selection */
+/* "auto" needs to be handled carefully.
+ * OpenSSL < 1.0.2: we do not select anything, but fallback to primve256v1
+ * OpenSSL < 1.1.0: we have to call SSL_CTX_set_ecdh_auto
+ * (openss/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
+ * OpenSSL >= 1.1.0: we do not set anything, the libray does autoselection
+ * https://github.com/openssl/openssl/commit/fe6ef2472db933f01b59cad82aa925736935984b
+ */
if (Ustrcmp(exp_curve, "auto") == 0)
{
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
DEBUG(D_tls) debug_printf(
- "ECDH temp key parameter settings: OpenSSL 1.2+ autoselection\n");
+ "ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
+ exp_curve = "prime256v1";
+#else
+# if defined SSL_CTRL_SET_ECDH_AUTO
+ DEBUG(D_tls) debug_printf(
+ "ECDH OpenSSL 1.0.2+ temp key parameter settings: autoselection\n");
SSL_CTX_set_ecdh_auto(sctx, 1);
return TRUE;
+# else
+ DEBUG(D_tls) debug_printf(
+ "ECDH OpenSSL 1.1.0+ temp key parameter settings: default selection\n");
+ return TRUE;
+# endif
+#endif
}
-# endif
DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef