https://bugs.exim.org/show_bug.cgi?id=2954
--- Comment #2 from [email protected] ---

It is technically impossible for it to be broken since 2015 because at that time, there was no OpenSSL 3.0.0. Remember: only the implementation for OpenSSL 3.0.0 is broken. All prior versions work just fine. In fact (if the git blame is anything to go by), this implementation was added on November 29 2021: https://github.com/Exim/exim/blame/313dcd5968cd8a02995322fa771f4d56b9f15e49/src/src/tls-openssl.c#L808

Around March of this year or very shortly thereafter, Debian Bookworm will be released. It uses OpenSSL 3.0.0 natively. Those users won't be able to use/change tls_eccurve then.

Just to give some context for the importance of that option: "tls_eccurve" is what "tls_dhparam" is in terms of elliptic cryptography. I am not quite sure if "not well used" is an appropriate dismissal for such a fundamentally important option. It defines the algorithm as well as the strength of a Diffie-Hellman exchange under elliptic cryptography, hence the name "Elliptic Curve Diffie-Hellman Exchange", or ECDHE for short. Considering that TLS 1.3 primarily, but also generally the future of cryptography, is based on elliptic curves, it is not only fundamentally important but quite honestly a necessity.

I have tracked down the bug and provided a patch (it was a simple parentheses error) that fixes the issue, and tested it on Ubuntu 22.04 LTS Jammy Jellyfish with > OpenSSL 3.0.0 successfully. See my GitHub pull request.

For more information about elliptic cryptography: https://www.youtube.com/watch?v=NF1pwjL9-DE

--
You are receiving this mail because:
You are on the CC list for the bug.

## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
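The practical consequence of the comment above is that an operator may set `tls_eccurve` and silently get a different ECDHE group than intended. The script below is an added example (not part of the bug report, the pull request, or Exim itself) that checks what a running mail server actually negotiated, by parsing the `Server Temp Key:` (TLS 1.2) or `Negotiated TLS1.3 group:` (TLS 1.3, newer OpenSSL builds) line that `openssl s_client -starttls smtp` prints. The exact output format is assumed from OpenSSL 1.1.1/3.x behaviour, the sample output embedded in the script is constructed rather than captured, and note that s_client prints NIST names (`P-256`, `P-384`) where Exim's option takes OpenSSL names (`prime256v1`, `secp384r1`), so compare against the printed form.

```shell
#!/bin/sh
# Added example, not code from the Exim project or the bug report.
# Purpose: verify that the ECDHE group a mail server negotiates matches the
# curve an operator configured (e.g. via Exim's tls_eccurve), so a broken or
# ignored setting is noticed rather than silently falling back to a default.
# The s_client output format parsed here is an assumption based on OpenSSL
# 1.1.1 / 3.x; adjust the patterns if your build prints something different.

# Read `openssl s_client` output on stdin and print the negotiated
# key-exchange group, e.g. "P-384" or "X25519". Prints "DH" for finite-field
# DH, and nothing at all if no key-exchange line was found (e.g. TLS failed).
negotiated_group() {
    awk '
        /^Negotiated TLS1.3 group:/ {
            sub(/^Negotiated TLS1.3 group: */, "")
            print
            exit
        }
        /^Server Temp Key:/ {
            sub(/^Server Temp Key: */, "")
            # Observed forms: "ECDH, P-384, 384 bits", "X25519, 253 bits",
            # "DH, 2048 bits". Named EC curves carry the name in field 2.
            n = split($0, f, /, */)
            if (f[1] == "ECDH") print f[2]; else print f[1]
            exit
        }'
}

# check_curve EXPECTED: exit 0 if stdin shows exactly that group, else 1.
check_curve() {
    expected=$1
    got=$(negotiated_group)
    [ -n "$got" ] && [ "$got" = "$expected" ]
}

# Constructed sample output (not a real capture) so this runs offline.
SAMPLE_TLS12='---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Server Temp Key: ECDH, P-384, 384 bits
---'
SAMPLE_TLS13='---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Negotiated TLS1.3 group: X25519
---'

# Offline demonstration against the constructed samples.
printf '%s\n' "$SAMPLE_TLS12" | negotiated_group
printf '%s\n' "$SAMPLE_TLS13" | negotiated_group

# Live usage (network required; hostname is a placeholder):
#   openssl s_client -connect mail.example.invalid:25 -starttls smtp </dev/null 2>/dev/null \
#       | check_curve P-384 && echo "curve OK" || echo "unexpected curve"
```

Run the live form against your own server after changing `tls_eccurve` and again after an OpenSSL upgrade; a mismatch means the configured curve is not the one in use, which is exactly the failure the comment describes for OpenSSL 3.0 builds.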
